Reputation: 59
Maintaining API tokens for the entire server in PHP web application
I am developing a PHP application which uses a web service in the back end. To use this web service first the web application should provide a username and password and get an API token which will be valid only for some time. When users logged into the PHP application they will use this back end service and for that the server should user API token that it got previously. This API token is not per user but for the entire application. The PHP web application also needs to periodically update this Token. What is the best approach to maintain this token in server side and periodically update it.
Upvotes: 0
Views: 61
Answers (1)
Reputation: 548
There were not a lot of details in your question, but I am getting a feeling that you want to build an OAuth server as the backend service. There's an amazing package that does this: OAuth-Server.
If you are new to OAuth, you may want to read about it here. To give you perspective, when you allow some Facebook app to access your account details, the OAuth server generates an token for your account and passes it to the app to access your account. Although, facebook has per-user tokens, you can create per-app tokens too (it is called 'Client Credentials Grant' in OAuth terms).
Upvotes: 1
Related Questions
- Webapp - Access token and refresh token
- Keeping securly API tokens in the database
- Share common authentication token between web and app
- Using an App Token with Laravel API for extra security
- Where to store access and refresh token from external web API in Symfony2?
- PHP REST API Token Expiration Flow
- PHP Console Application with OAuth 2.0 Refresh Tokens, how to store?
- Token authentication - where to store the token
- API with tokens
- Can I use a single token generation mechanism for all my PHP token needs?