Validating API Request

middleman666

Hey There,

I'm working on an API for a site and I want to limit it's usage to the developers that have signed up to us it.

At the moment I'm just thinking of making the developers include a md5 hash as their key with every request they make. I would then match this up to the database at my end and validate the developer is allowed to use the API.
So their request url would be something like:
http://api.mydomain.com/?key=58bf1b1ea57a71206f4c24309453b688feceaf45

Is that a easy and secure way of doing this?

If someone else was to get another developers hash key then it wouldn't be very secure would it?

Is there a standard way of validating API users?

Thanks

middleman666

I've decided to limit API use by IP, I validate the request against the key hash which contains the username, password and then use remote_addr at my end to determin the IP the request came from which is also stored in my database to validate against.

I'm still quite interested to see if anyoen does anything different so I'll leave the thread unresolved for now...