Page 1 of 1

REST API OVER HTTPS

Posted: Mon Feb 08, 2010 11:44 am
by phpgeek1982
Hi Team,
I have started working with Web Services since one week, and I'm really struck at this point.

I want to create a REST API with the following set of rules:
1. All REST API calls must take place over HTTPS with a certificate signed by a trusted CA. All clients must validate the certificate before interacting with the server.
2. All REST API calls should occur through dedicated API keys consisting of an identifying component and a shared, private secret. Systems must allow a given customer to have multiple active API keys and de-activate individual keys easily.
3. All REST queries must be authenticated by signing the query parameters sorted in lower-case, alphabetical order using the private credential as the signing token. Signing should occur before URL encoding the query string.

Will be really greatful if anyone in the team gives me a solution.

Cheers!!