It seems like in-house is the way to go since there are no other alternatives.
Things we would have to build:
- Generating API Keys (with expiry)
- Storing API Keys securely
- Revoking API Keys
- Adding metadata to API Keys
It seems like there could be a generic API to power all of that, while still enabling applications to be opinionated about whether the incoming request is authenticated and has the right permissions.
What is stopping you from doing it in-house?
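A minimal sketch of the four pieces listed above (generation with expiry, hashed storage, revocation, metadata), added here as an illustration and not code from this thread. The `ApiKeyStore` class, the `ak_` prefix and the in-memory dict standing in for a database table are all assumptions; `verify` only authenticates and returns the metadata, leaving the permission decision to the application.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

@dataclass
class KeyRecord:
    digest: bytes        # SHA-256 of the secret; the plaintext is never stored
    expires_at: float    # absolute expiry, seconds since the epoch
    metadata: dict       # free-form data (owner, scopes, ...) for the application
    revoked: bool = False

class ApiKeyStore:
    """Hypothetical store; the dict stands in for a table indexed by key id."""

    def __init__(self, clock=time.time):
        self._records = {}
        self._clock = clock

    def issue(self, ttl_seconds, metadata=None):
        key_id = secrets.token_hex(8)        # public lookup id, safe to log
        secret = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        # A fast hash is adequate here because the secret is high-entropy
        # random data, unlike a user-chosen password.
        digest = hashlib.sha256(secret.encode()).digest()
        self._records[key_id] = KeyRecord(
            digest, self._clock() + ttl_seconds, dict(metadata or {}))
        return f"ak_{key_id}_{secret}"       # shown to the caller exactly once

    def revoke(self, key_id):
        record = self._records.get(key_id)
        if record is None:
            return False
        record.revoked = True                # keep the row for audit purposes
        return True

    def verify(self, presented):
        """Return the key's metadata if it is valid, otherwise None."""
        parts = presented.split("_", 2)      # the secret may itself contain "_"
        if len(parts) != 3 or parts[0] != "ak":
            return None
        record = self._records.get(parts[1])
        digest = hashlib.sha256(parts[2].encode()).digest()
        # Constant-time comparison of the stored and presented digests.
        if record is None or not hmac.compare_digest(digest, record.digest):
            return None
        if record.revoked or self._clock() >= record.expires_at:
            return None
        return dict(record.metadata)
```

Because only the digest is stored, a leaked table does not yield usable keys, and a lost key cannot be recovered, only revoked and reissued.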