开发者

Building an API without authentication requirements?

开发者 https://www.devze.com 2023-04-06 02:12 出处:网络
Is it a bad idea to build an API without a key / other authentication requirements? Upsides: Simpler to implement

Is it a bad idea to build an API without a key / other authentication requirements?

Upsides:

  • Simpler to implement
  • Simpler to use

Downsides:

I'm not building the next Facebook here, just a simple data service. I don't expect to have to support tons of users, and my data's static.

Given the above, is it bad practice to build an API without requiring a key, or will I get away with it?


With REST-APIs you use HTTP authentication, there are no keys required.

You only need to authenticate your users if there is content on your site that should not be seen by any user.

You can start without it and if at some point you feel you need to protect your site (or individual resources) from the public, you simply implement HTTP Authentication by sending a 401 status codes if no Authenticate header is present in the request. HTTP clients understand that out of the box, so nothing changes for your users.

Implementation-wise authentication is often just an independent layer or phase in the request handling, so you won't need to rip apart all you code.

0

精彩评论

暂无评论...
验证码 换一张
取 消