I am creating a web service to allow application developers (A.K.A. My friends) to query my database. The thing is, as a security constraint I want to be able to track each user. I am in the process of creating a unique app ID like in FaceBook or Google maps.

The developer must submit a username and email address, and when they click generate a unique key will be generated. The thing is, the database must first be checked if the user/email already exists and also check if the key is already generated (pseudo-random generation protection).

To use the webservice the user will have to enter something like:

webservice.Authenticate(‘app key here’);

to authenticate. Thanks in advance.