CakePHP - REST API - Api id/secret authentication

Question

We have a large high traffic site with a lot of data on it (similar to Kickstarter), and we want to provide to our content/project creators a means of pulling their data from our site via an API.

Someone suggested I use OAuth, however my experience with OAuth is limited to setting up a twitter datasource.

What I want to do

• Provide a user an Application ID and a 'secret'
• Allow this user to connect to our application via an api endpoint, authorizing themselves using the api ID and secret
• Once verified, allow this user to pull only their data from the application
• The data that a user can pull: votes they have cast, pledges they have made, purchases they have made, projects/ideas they have launched, data about those projects/ideas (votes/purchases/orders/cancellations etc)

My question is:

Is OAuth overkill?

Is there a better way to handle a user/users website to connect to our API and pull/verify certain data by using the API we make available, while requiring each incoming request to be authorized for the user/site initiating that request.

Ideally, we will have an endpoint that is accessed as:

https://api.oursite.com/request/params

We want this to be as simple as possible for our users that wish to implement this interface. Thanks for your help!

Answer 1

Generally it's OAuth, in combination with SSL. That's the standard and is likely to stay. Before we saw also logins: username + password to access an API but that's becoming less and less.

So the suggested way is OAuth. There are no serious other solutions yet. To make it easier to adopt your API you could release some classes in some development languages so developers can have a quick start. You could start releasing those classes at for example GitHub to raise adoption of your API and get a quick access to developers. They might, if you do well, even start improving it.