1

We have to create a custom API written in PHP that will expose data to various stakeholders. These stakeholders will get access to functions like:

  • getUserDetails($uid)
  • getUserProducts($uid)
  • getUserDevices($uid)

(and possibly more later on...)

My problem is that I am trying to decide on the best way to authenticate users of the API. I thought OAuth would be the way to go, but after reading this, I got the impression OAuth is only really used for things like logging in via Facebook or Gmail etc.

So my question is really this: What is the best type of authentication to use when creating a PHP API that external stakeholders can use? And is OAuth relevant in such a case?

Community
  • 1
  • 1
rockstardev
  • 13,479
  • 39
  • 164
  • 296
  • 1
    Authentication *is* logging in, so I'm not clear on the distinction you're trying to make. OAuth is the standard for this, which is why Google/Facebook/Twitter/etc. all use it for authenticating requests to their APIs. You should too. – ceejayoz Jul 04 '16 at 18:12

3 Answers3

2

If you want external stakeholders to call your APIs, just issue a pair of API key and API secret to each external stakeholder. You don't have to implement OAuth. See also this answer for the question "OAuth (Access Token) Vs API Key".

Community
  • 1
  • 1
Takahiko Kawasaki
  • 18,118
  • 9
  • 62
  • 105
1

Oauth2 is the best solution

neattom
  • 364
  • 2
  • 7
1

Oauth Is The Best Option to ensure security in your REST Apps

You can use this library for implementing your own oauth system

https://github.com/bshaffer/oauth2-server-php

its very easy To Understand and

Deepanshu Gandhi
  • 490
  • 3
  • 10