Fabian Lurz

Reputation: 2039

Securing Jersey 2 Rest API

I'm building a web crawler (similar to http://diffbot.com | SaaS) with Jersey 2. Other developers should be able to use this API (make a request -> get a JSON response) in a secure way.

Here is the flow:

A user goes to the application's website (register/login).

After the login/registration he should see a panel with API_KEY and API_SECRET.

He can now use this API_SECRET to access the API and therefore the crawler.

Is OAuth suitable for that? Are there better/simpler solutions?

Upvotes: 0

Views: 118

Answers (1)

Julius Blank

I assume you want to offer your users the possibility to register applications that can use your API.

I would say for your use case you don't necessarily need OAuth. A simple authentication method like basic authentication (with SSL) would also be sufficient.

As Wikipedia put it:

[OAuth] specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials.

What you could use OAuth for: To give your users access to your resources (your API), but you want to let them use an existing account for that (say for example their GitHub account). This way a user does not need an account with your site, but he can authorize his application against your API using GitHub's authorization facilities.

If you don't mind spending a few hours on learning a bit about OAuth, it will offer you more flexibility.

Upvotes: 1
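
The basic-authentication-over-SSL option from the answer, sketched as a Jersey 2 request filter that checks the `API_KEY`/`API_SECRET` pair from the question. This is an added example, not code from the question or the answer. The class name, the in-memory `SECRET_HASHES` map and the realm string are assumptions, and `isSecure()` assumes TLS terminates at the servlet container rather than at a proxy in front of it.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.Priority;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

@Provider
@Priority(Priorities.AUTHENTICATION)
public class ApiKeyBasicAuthFilter implements ContainerRequestFilter {
    // Hypothetical store: API_KEY -> SHA-256(API_SECRET); a real service would query its database.
    static final Map<String, byte[]> SECRET_HASHES = new ConcurrentHashMap<>();

    @Override
    public void filter(ContainerRequestContext ctx) {
        // Basic credentials are only base64-encoded, so reject them on a non-TLS request.
        if (!ctx.getSecurityContext().isSecure() || !isValid(ctx.getHeaderString(HttpHeaders.AUTHORIZATION))) {
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                    .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"crawler-api\"").build());
        }
    }

    static boolean isValid(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return false;
        try {
            String pair = new String(Base64.getDecoder().decode(header.substring(6).trim()), StandardCharsets.UTF_8);
            int colon = pair.indexOf(':'); // decoded form is "API_KEY:API_SECRET"
            if (colon < 1) return false;
            byte[] expected = SECRET_HASHES.get(pair.substring(0, colon));
            byte[] actual = sha256(pair.substring(colon + 1));
            // Constant-time comparison; an unknown key is rejected the same way as a wrong secret.
            return expected != null && MessageDigest.isEqual(expected, actual);
        } catch (IllegalArgumentException | NoSuchAlgorithmException e) {
            return false; // malformed base64 or missing digest: fail closed
        }
    }

    static byte[] sha256(String s) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }
}
```

Storing only a hash of the secret means a leaked key table does not hand out working credentials; an unsalted SHA-256 is adequate here only because the secret is assumed to be a long random value generated by the server, not a user-chosen password.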
