I have created basic web APIs before for simple, publicly avaiable data using simple PHP Get statements. But I'm wondering how I can create a more secure API where the API call can send private data without it being available as easily as the PHP get statement is.

To confirm, I am looking for methods to actually send private data to a web url and handle it from the url. It would probably be using API keys unique to the user.


Have a look at how OAuth works, it might give you some clues.