Let state that I've got a website with a few information that may be access externally. Individuals information have to be just have to change byt the respected client. Example: Google Analytic or WordPress API key. How do i produce a system that actually work like this (regardless of programming language)?
- Produce a key for every user
- Deny access for every request without it key
Here is really a document on API design.
A great way of producing a vital is always to store a GUID (Globally Unique Identifier) on each user record n the database. GUID will probably be unique and nearly impossible to guess.
Presently, I personally use a concatenation of multiple MD5s having a salt. The MD5s are produced from various concatenations of user data.