I am planning on deploying a REST API developed using PHP and running on a CentOS Linux system. The application evolved, and the API now provides access to potentially sensitive data. I do not want to go with a complicated solution like OAuth, and was wondering if there’s a simpler solution involving ssh certificates. The clients accessing this API include standard desktops, as well as iPhone and Android devices. I realize that this is not exactly a programming question, but in a way it is, because it’s about securely accessing the code I’m developing.
You probably meant client SSL certificates. It will work; your only potential future trouble is managing the certificates – issuing, revoking, distributing and so on. Obviously this will only be the case if the user base is large or experiences a lot of change. OAuth does not have this problem.
Check any Google results on how to set this up, for example http://www.impetus.us/~rjmooney/projects/misc/clientcertauth.html looks good.
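One way the PHP side can consume the result of that setup, as an added example that is not part of the answer or of the linked page: it assumes Apache mod_ssl in front of PHP with the directives listed in the comments, and the CA file path is a placeholder.

```php
<?php
// Added example (not from the answer): a PHP REST endpoint that trusts the
// client certificate only after the web server has already verified it.
// Assumes Apache mod_ssl with, in the vhost:
//   SSLVerifyClient require
//   SSLVerifyDepth 1
//   SSLCACertificateFile /path/to/api-client-ca.pem   (placeholder path)
//   SSLOptions +StdEnvVars
// so that mod_ssl exports SSL_CLIENT_* variables into $_SERVER. Apache can
// also enforce a CRL itself with SSLCARevocationFile; the list below is an
// application-level complement for fast, per-device revocation.

declare(strict_types=1);

/**
 * Return the authenticated client identity (certificate serial + CN) or null.
 * $server is passed in so the function can be exercised without a live TLS session.
 */
function authenticateClientCert(array $server, array $revokedSerials): ?array
{
    // mod_ssl sets SSL_CLIENT_VERIFY to SUCCESS only when the chain validated
    // against SSLCACertificateFile; anything else (NONE, FAILED:...) is a reject.
    if (($server['SSL_CLIENT_VERIFY'] ?? '') !== 'SUCCESS') {
        return null;
    }
    $serial = strtoupper($server['SSL_CLIENT_M_SERIAL'] ?? '');
    $cn     = $server['SSL_CLIENT_S_DN_CN'] ?? '';
    if ($serial === '' || $cn === '') {
        return null;
    }
    // Serials listed here are the ones you take out of service when a device is
    // lost, without reissuing the CA or touching other clients' certificates.
    if (in_array($serial, $revokedSerials, true)) {
        return null;
    }
    return ['serial' => $serial, 'cn' => $cn];
}

// Constructed revocation list for the example; in practice load it from storage.
$revoked = ['0A1B2C'];

$identity = authenticateClientCert($_SERVER, $revoked);
header('Content-Type: application/json');
if ($identity === null) {
    http_response_code(403);
    echo json_encode(['error' => 'valid client certificate required']);
    exit;
}
// Authorise on $identity['cn'] / $identity['serial'] only; never on request
// headers, which the client can set freely.
echo json_encode(['authenticated_as' => $identity['cn']]);
```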