Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
The standard HTTP Authentication for SOAP passed the password etc in cleartext,and I’m looking for an alternative, possibly a key based mechanism to authenticate web services in lieu of the password.
OAuth is gaining a lot of popularity; would it be appropriate, and how would I implement it? Or perhaps there are other methods I should use.
The project itself is relatively simple, with just a one or two methods to be exposed, but security is of the utmost importance.
I don’t see why not. All the OAuth parameters can go directly in the URL so that pretty much means it can work with just about any service API. You’ll just have to validate the various bits and pieces (oauth_consumer_key, oauth_nonce, oauth_timestamp and oauth_signature) within your service’s controllers.