4

The standard HTTP Authentication for SOAP passed the password etc in cleartext,and I'm looking for an alternative, possibly a key based mechanism to authenticate web services in lieu of the password.

OAuth is gaining a lot of popularity; would it be appropriate, and how would I implement it? Or perhaps there are other methods I should use.

The project itself is relatively simple, with just a one or two methods to be exposed, but security is of the utmost importance.

Improve this question

1 Answer 1

Reset to default
5

I don't see why not. All the OAuth parameters can go directly in the URL so that pretty much means it can work with just about any service API. You'll just have to validate the various bits and pieces (oauth_consumer_key, oauth_nonce, oauth_timestamp and oauth_signature) within your service's controllers.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

You can also pass the parameters in other parts of the request, such as the headers.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.