问题
I am about to create mobile applications (iOS, android, ..) to support existing web application and now thinking how to provide a secure API (ASP.Net Web API) from my web to our mobile apps.
OAuth seems the best way to do it. From what I understand, it is designed to enable 3rd party applications written against our API. But I only use the web services just for my own apps.
Do I need to go with OAuth, or is there any simple way?
回答1:
There is a 2 legged version of OAuth that is designed for 2 party security. That said you don't need to use OAuth. A REST service is basically just an HTTP service so you can use any HTTP authentication you like, even basic authentication will work just fine. Just remember to use HTTPS to protect your passwords on the wire.
来源:https://stackoverflow.com/questions/9789685/creating-an-api-only-for-my-own-mobile-apps-do-i-need-oauth