Requirement is to securing the REST APIs. How can I achieve API Key model with OAuth structure? Server is implemented on Java Spring and iBatis framework with MySQL database.
I read many links that they provide their own OAuth. But I want to implement own Authentication module for the REST APIs.
Basic Requirements I got from the reading: API Key, API Secret, Access Token, TimeStamp.
If you use a pair of API key and API secret (= API credentials) to protect REST APIs, it is authentication that is performed at the REST APIs. On the other hand, if you use an OAuth 2.0 access token to protect REST APIs, it is authorization.
If you want to perform your own authentication at REST APIs, you don't have to care about OAuth. Protect your REST APIs with TLS + Basic Authentication (or your own way) + API credentials.
Otherwise, if you want to perform your own authentication when you issue access tokens and if you want to let REST APIs require an access token, you need to learn how to protect REST APIs with access tokens. In such a case, read "Protected Resource".
