Reputation:
REST + Facebook as authentication - best practice?
I'm developing an app that pulls data every 5 seconds from a REST api. In the most simple matter, the app pulls the Facebook user_token and uses it for authentication in the HTTP request. The REST api then checks up with Facebook and pulls data from the given token. Lastly, the data is processed, stored and returned to the client.
Now my question: is this a bad solution? If 10.000 users are connected, and every 5 seconds request data, my REST api would have 50.000 requests to Facebook every 5 seconds. It seems like a lot, but I researched that the limit of Facebook calls, per token, per IP is 600 every 600 seconds. Should I implement a session-based solution myself, and pull the data less frequent?
Oh, by the way: is this even secure? The user_token seem to rarely change, and if a person gets the user_token, he could request a lot of data on another user.
Best regards,
Upvotes: 0
Views: 36
Answers (1)
Reputation: 74004
That limit is just a recommendation, it depends on many factors and there is no static limit. As long as you are using User Tokens for all those Users, you should not have any problem.
Upvotes: 0
Related Questions
- Possible approach to secure a Rest API endpoints using Facebook OAuth
- Architecture Design - REST API to support Facebook Login done by Mobile app
- REST API for website which uses Facebook for authentication
- Facebook Connect - Authentication and Security
- How should a client pass a facebook access token to the server?
- Best practice to handle the FB access token in custom API
- iOS, REST API - Facebook login
- Can I use Facebook OAuth to secure my RESTful web service?
- Securing a REST API with Facebook OAuth
- Which is the better way to implement authentication using login/password AND other social networks?