Akash Khanna
Reputation: 159
Do I still need OAuth or API Key with HTTPS for Restful webservice
I am creating an application and native apps which shall access a bunch of RestFul Webservices. We are already using HTTPS to secure the API, but wanted to understand if we still need something like an API Key or OAuth Key to authenticate the data
Upvotes: 0
Views: 60
Answers (1)
Remy Lebeau
Reputation: 597215
Encryption and Authentication are two separate things. Encryption merely prevents outside parties from snooping the transmitted data. You need Authentication if you want to control who has access to which resources using the API.
Upvotes: 2
Related Questions
- OAuth or SSL for Web API
- Rest API under https security
- API Keys vs HTTP Authentication vs OAuth in a RESTful API
- API key encryption in RESTful API?
- SSL: Do I need to secure every endpoint
- API security question: SSL or more?
- Is solely using HTTPS adequate for securing API RESTful web-application?
- What more do I need than SSL? Why
- Do I need to secure the body of a REST request using oAuth?
- Do I need an SSL certificate if using a secure webservice?