vidhu1911 0 Newbie Poster

Recently 2 admins on my website told me that they would like to code software which will help them moderate normal users, and I agreed by saying that I would code them a very simple API with only the basic stuff they would need.

Now the question that came to my mind is: how do I restrict access so that only they can use it?

Unsuccessful Solution 1
I thought about using an API key which they would need in order to use the API. But the problem is, if the API key is somehow stolen or leaked, it can cause problems.

Unsuccessful Solution 2
Later I thought: what if the admins needed to authenticate themselves using their credentials? On authentication, the system would provide them with a token which can be used like an API key but lasts for only a finite amount of time, let's say 1 hour. But the problem with this is that the admins will have to keep authenticating themselves each time the token expires.

So how can I develop an API in which my admins have to authenticate themselves only once? Just like when using a 3rd-party app which accesses your Twitter: you just give it permissions only one time.
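
Added example, not part of the original post: a sketch of the time-limited token scheme described under "Unsuccessful Solution 2", showing a token that is accepted within the hour and rejected once it expires or is altered. The HMAC-SHA256 signing, the PBKDF2 password check, and all function names and sample credentials are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SECRET = secrets.token_bytes(32)  # signing key, assumed to live only on the server
TOKEN_TTL = 3600                  # 1 hour, the lifetime mentioned in the post

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample admin record: username -> (salt, password hash)
SALT = secrets.token_bytes(16)
ADMINS = {"admin1": (SALT, hash_password("correct horse", SALT))}

def b64(data):
    return base64.urlsafe_b64encode(data).decode()

def login(username, password, now=None):
    """Check credentials; return a signed token valid for TOKEN_TTL, or None."""
    now = time.time() if now is None else now
    record = ADMINS.get(username)
    if record is None:
        return None
    salt, stored = record
    if not hmac.compare_digest(stored, hash_password(password, salt)):
        return None
    payload = json.dumps({"sub": username, "exp": int(now) + TOKEN_TTL}).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return b64(payload) + "." + b64(sig)

def verify(token, now=None):
    """Return the admin name if the token is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError:  # wrong shape or bad base64
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    claims = json.loads(payload)
    return claims["sub"] if now < claims["exp"] else None
```

After `exp` passes, `verify` returns `None` and the admin has to call `login` again, which is the re-authentication step the post describes.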
