Reputation: 127
What is a good way to secure a desktop application API that is exposed via HTTP+REST?
I'm thinking about building a Mac (maybe later Windows) application that would expose its plug-in API to other processes on the same machine via HTTP/REST. Are there any good libraries or good practices you can recommend for validating and restricting access to this API? Does OAuth2 make sense in this context? There don't seem to be a lot of (any?) OAuth2 service provider implementations available for desktop platforms, but I don't see any obvious alternatives to it either.
I'm also considering using CouchDB and I'd like to have a single authentication scheme for reading/writing CouchDB and the non-database functions.
Upvotes: 2
Views: 198
Answers (1)
Reputation: 2659
you may want to investigate the Ubuntu DesktopCouch project that has been going through that exercise about two and a half years ago and that we built the CouchDB OAuth support for. Hope this helps!
Upvotes: 1
Related Questions
- Is it safe give to applications direct access to CouchDB through the REST Api?
- How to Secure CouchDB
- Securing MY REST API for use with MY IOS APP only
- Externally available CouchDB security
- Securing API communication with Oauth
- Secure client-side couchApp / couchDB user authentication
- Session and security in CouchApp/CouchDB?
- OAuth with Desktop Applications
- Secure way to enabling desktop clients to communicated to webapp
- Authentication Sceme for RESTful API used by desktop app