REST API OVER HTTPS
Posted: Mon Feb 08, 2010 11:44 am
Hi Team,
I started working with Web Services a week ago, and I'm really stuck at this point.
I want to create a REST API with the following set of rules:
1. All REST API calls must take place over HTTPS with a certificate signed by a trusted CA. All clients must validate the certificate before interacting with the server.
2. All REST API calls should occur through dedicated API keys consisting of an identifying component and a shared, private secret. Systems must allow a given customer to have multiple active API keys and de-activate individual keys easily.
3. All REST queries must be authenticated by signing the query parameters sorted in lower-case, alphabetical order using the private credential as the signing token. Signing should occur before URL encoding the query string.
I will be really grateful if anyone on the team gives me a solution.
Cheers!!
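A sketch of rules 2 and 3 as an added example, not part of the original post: it assumes HMAC-SHA256 as the signing primitive, hypothetical parameter names `apikey` and `signature`, and a constructed in-memory key store. Rule 1 (TLS with certificate validation) is left to the HTTPS layer.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Constructed key store: one customer, two keys, each revocable on its own (rule 2).
API_KEYS = {
    "key-a1": {"customer": "acme", "secret": b"constructed-secret-1", "active": True},
    "key-a2": {"customer": "acme", "secret": b"constructed-secret-2", "active": True},
}


def canonical_query(params):
    """Lower-case the parameter names, sort by name, join unencoded (rule 3)."""
    pairs = sorted((k.lower(), v) for k, v in params.items())
    return "&".join(f"{k}={v}" for k, v in pairs)


def sign(secret, params):
    """HMAC-SHA256 over the canonical string; the algorithm is an assumption."""
    mac = hmac.new(secret, canonical_query(params).encode(), hashlib.sha256)
    return mac.hexdigest()


def signed_query(key_id, secret, params):
    """Client side: sign first, URL-encode afterwards."""
    params = dict(params, apikey=key_id)
    return urlencode(dict(params, signature=sign(secret, params)))


def verify(query_string):
    """Server side: return the customer name, or None if the request is rejected."""
    params = dict(parse_qsl(query_string, keep_blank_values=True))
    supplied = params.pop("signature", "")
    key = API_KEYS.get(params.get("apikey", ""))
    if key is None or not key["active"]:
        return None
    expected = sign(key["secret"], params)
    # Constant-time comparison so the check does not leak how many characters matched.
    ok = hmac.compare_digest(expected.encode(), supplied.encode())
    return key["customer"] if ok else None


def deactivate(key_id):
    """Revoke one key without touching the customer's other keys."""
    API_KEYS[key_id]["active"] = False
```

Because the string is signed before URL encoding, a value containing `&` or `=` makes the canonical form ambiguous, so such values should be rejected or the format extended before relying on this scheme.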