2

I have been thinking of a way to make a secured request from a client to a server (not in terms of implementing SSL) but in a way that lets me prevent spamming.

Allow me to explain what exactly I am looking for.

I have clients that make HTTP requests over REST to talk to my server and access its APIs. I have provided separate unique API keys to all customers, which they use to authenticate themselves as the user. They send this API key as one of the parameters in a POST / GET request to my server.

Now the problem is that anyone who sees the API key can make spam requests to my server, acting as my customer.

Is there any way to prevent this? Like a private and public key concept? If yes, can someone link me to any ready-made algorithm written in PHP which I can use and easily implement in my web app?

Many thanks in advance.

user2909892
  • How would people see the API key? It's on the server, not visible to the users. – Barmar Jun 27 '14 at 09:22
  • Is this question helpful? http://stackoverflow.com/questions/7551/best-practices-for-securing-a-rest-api-web-service?rq=1 – Barmar Jun 27 '14 at 09:24
  • You can use nginx-naxsi and set up zone filters in `nginx.conf` that will rate limit traffic to the path of your API server. See here: http://www.howtoforge.com/rate-limiting-with-nginx. If you are using the Apache web server, well, you've got bigger problems. Also, for private API methods this is EXACTLY the type of usage case for SSL. – r3wt Jun 27 '14 at 10:13
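
One way to get the property the question asks for, as an added example that is not part of the original post or its comments: each customer holds a secret that is never sent, and every request carries an HMAC-SHA256 signature over its contents plus a timestamp and nonce, so seeing the API key or a captured request is not enough to submit new ones. The function names, key and secret values, the 300-second window and the in-memory nonce store are assumptions made for illustration.

```php
<?php
// Added example (constructed values). The API key only identifies the client;
// the per-client secret is shared out of band and never sent with a request.
const MAX_SKEW = 300; // assumed validity window in seconds
function sign_request(string $secret, array $req): string
{
    $params = $req['params'];
    ksort($params); // same parameter order on client and server
    $canonical = implode("\n", [
        $req['api_key'], strtoupper($req['method']), $req['path'],
        http_build_query($params), $req['ts'], $req['nonce'],
    ]);
    return hash_hmac('sha256', $canonical, $secret);
}

function verify_request(array $secrets, array &$seenNonces, array $req, int $now): bool
{
    $secret = $secrets[$req['api_key']] ?? null;
    if ($secret === null) {
        return false; // unknown API key
    }
    if (abs($now - $req['ts']) > MAX_SKEW) {
        return false; // too old, or too far in the future
    }
    $nonceId = $req['api_key'] . ':' . $req['nonce'];
    if (isset($seenNonces[$nonceId])) {
        return false; // this exact request was already accepted (replay)
    }
    // hash_equals compares in constant time, so timing does not leak the MAC
    if (!hash_equals(sign_request($secret, $req), (string) $req['sig'])) {
        return false; // wrong secret, or the request was altered after signing
    }
    $seenNonces[$nonceId] = $req['ts']; // assumption: a shared store with expiry in production
    return true;
}

// Constructed demo data, not real credentials.
$secrets = ['demo-key-123' => 'demo-secret-not-a-real-credential'];
$seen = [];
$now = time();
$req = ['api_key' => 'demo-key-123', 'method' => 'POST', 'path' => '/v1/orders',
        'params' => ['item' => '42', 'qty' => '1'], 'ts' => $now,
        'nonce' => bin2hex(random_bytes(16))];
$req['sig'] = sign_request($secrets['demo-key-123'], $req);
$forged = $req; // copy made by someone who saw the request but not the secret
$forged['params']['qty'] = '1000';
$forged['nonce'] = bin2hex(random_bytes(16));
var_dump(verify_request($secrets, $seen, $req, $now));    // genuine request
var_dump(verify_request($secrets, $seen, $req, $now));    // same request sent again
var_dump(verify_request($secrets, $seen, $forged, $now)); // altered copy with the old signature
```

The signature, timestamp and nonce would travel as extra parameters or headers alongside the API key; the secret itself stays on the client and in the server's key store.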

0 Answers