I’m am currently playing around with the third party facial recognition api from face.com. I am able to get the api working on my developer device simply by creating a POST request with the api_key and api_secret as parameters.

However, through what I have read so far this clearly isn’t secure as my secret api_key is clearly accessible in POST data. As I see it the only real way to do this is to have a web-service hosted on Azure (for example) that receives the image data from the users phone, adds the api_secret to it and then passes it to the Face.com api which returns a result and passes this back to the users phone.

From my very limited knowledge, this doesn’t sound terribly efficient. I was just wondering if anyone had any alternative suggestions as to how I could do this? For example: Would it be possible to save the images in temporary blob storage and then send the url of these instead of the raw image data to the Face.com api, therefore it is only being sent once?

And one last thing, I still have some more reading to do on azure but basically if I have once instance and it is waiting for the Face.com api to return a result for one user, another user who may have uploaded a photo has to wait until this has returned until theirs can be processed?