Not exactly sure what you mean. BUT... in every client-server API-like communication, the security check flow is just like in the case of the OpenID communication and goes like this:
You have the client C, further referred to as Consumer
You have the server S, further referred to as Server
You assign the C a Consumer Key
You assign the C a SECRET KEY
You register that Consumer Key, AND Secret Key inside the S Server, so that you will be able to know how to encrypt-decrypt the Consumer requests in the Server side
In every request you make from C to S, you SIGN the request using that Consumer Key and the Secret Key, thus generating a Public Key.
When the request reaches the Server, you check for data signature using the same encryption method as you did with the Consumer Key
In translation, if you need to make this request:
http://server.com/get_data.php?data_id= ... ther_param
Your request would actually look like
http://server.com/get_data.php?data_id= ... public_key
Where the_generated_public_key will be:
hash_hmac('sha256', $data_id . $name . $CONSUMER_KEY, $SECRET_KEY); // hash_hmac() takes the algorithm as its first argument; sha256 is an assumed choice
This is all pretty self-explanatory, it just signs your request.
You'll just have to do the same in the server when you get the data.
This also works in the case of SOAP since all you'll have to do is compute an md5 hash based on the XML SOAP request.
Dunno if this makes way too much sense, but you should search Google for "Consumer-server request signature" or something like that.
Best of luck.
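The signing flow described in the post, as an added example that is not part of the original post: the consumer computes an HMAC over its request parameters (the value the post calls the generated public key) and the server recomputes and compares it. HMAC-SHA256, the parameter names consumer_key and signature, and the sample keys are assumptions made for illustration.

```php
<?php
// Added example: names, keys and parameters are constructed for illustration.

// Server-side registry: consumer key => secret key (constructed sample values).
const CONSUMER_SECRETS = ['consumer-123' => 'constructed-secret-do-not-reuse'];

// Canonical string: sort parameters by name and URL-encode them, so that the
// values ("ab", "c") and ("a", "bc") can never yield the same signed input,
// which plain concatenation of the values would allow.
function canonical_string(array $params): string
{
    unset($params['signature']);          // the signature never signs itself
    ksort($params);
    return http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// Consumer side: add the consumer key, then append the HMAC of the request.
function sign_request(array $params, string $consumerKey, string $secret): array
{
    $params['consumer_key'] = $consumerKey;
    $params['signature'] = hash_hmac('sha256', canonical_string($params), $secret);
    return $params;
}

// Server side: look up the secret, recompute the HMAC, compare in constant time.
function verify_request(array $params): bool
{
    $consumerKey = $params['consumer_key'] ?? '';
    $signature   = $params['signature'] ?? '';
    if (!is_string($consumerKey) || !is_string($signature)
        || !array_key_exists($consumerKey, CONSUMER_SECRETS)) {
        return false;                     // unknown consumer or malformed input
    }
    $expected = hash_hmac('sha256', canonical_string($params),
                          CONSUMER_SECRETS[$consumerKey]);
    return hash_equals($expected, $signature);
}

$signed = sign_request(['data_id' => '42', 'name' => 'report'],
                       'consumer-123', CONSUMER_SECRETS['consumer-123']);
var_dump(verify_request($signed));        // request as the consumer sent it

$tampered = $signed;
$tampered['data_id'] = '43';              // parameter altered after signing
var_dump(verify_request($tampered));      // recomputed HMAC no longer matches
```

The secret key itself never travels with the request; only the consumer key and the signature do.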