I did some research the other day to secure my REST API using The Slim framework.
I found a tidy little way to force HTTP authentication (basic, in this case) using this article as well as the PHP manual.
I get the client to provide the user name and password, then I can look up the (hashed) password in the database. It simply causes the call to authenticate each login with their corresponding password.
In combination with forcing the page through https (a .htaccess task) and this, I can protect API access pretty simply.
I used this in VB6 (and the great Chilkat components) to authenticate a PUT command. I can now more safely allow database inserts from over the Net. It was as simple as:
|
1 2 3 4 5 6 |
Dim oHttp As New ChilkatHttp Dim resp As String oHttp.Login = 'userid' oHttp.Password = 'supersecret' resp = oHttp.PutText('http://my.apiurl.com',sXMLText, "utf-16","text/xml",0,0) |
Next task is to find a more secure way to access the (read-only) API from JavaScript, without just embedding a password in the source code. This looks like a great start.