I am in the process of designing an API/web-service with the expectation that it will eventually be able to be consumed by several client web applications/consumers. As part of this service, I would like to have the first consumers be web browsers, in which the API/service provides a website that can access the API.
Is there a feasible/secure way in which OAuth 1.0a may be used for a Consumer (in this case, website) that is ultimately provided by the "same" service as the API itself?
Mainly, how can I ensure that this consumer has a valid secret Consumer Key if it gets sent over the wire? Is there a way to "pre-register" an instance of the webpage, with its own Consumer Key, prior to sending?
(I plan on using HTTPS with this design.)
Any direct answers are appreciated, and any references to other online material that may answer my question(s) are also appreciated.
Thanks.