I am searching for information on a Peaceful API design. I have read a great deal about Relaxation API schemes, methods for authentication/authorization etc. Things I can't decide is that if I really should use API secrets. From things i understand using API secrets is helpful if you wish to monitor the usage, limit each application's demands as well as for record data.

What I wish to avoid is needing to create additional web connects for adding/controlling/getting rid of programs and adding/getting rid of application managers. Maybe there is a simpler method of doing the API key distribution. Or will i actually need individuals? I am talking about, monitoring and restricting the usage is awesome and sounds helpful but will it deserve another things I have to alllow for secrets distribution.

To become more specific my website is one thing like slideshare and scribd. I wish to give API use of its functions like adding and controlling documents and becoming details about customers. So for instance to upload personal files you have to in some way authenticate and employ a particular account to get it done. Within this situation is definitely an API key essential or I'm able to just stay with authenticating customers?

What exactly do you consider is the greatest way that i can handle API secrets? Or must i rely on them whatsoever? It is possible to more clever method to distribute (create, remove) the secrets?

Thanks ahead of time :)

well are you aware mashery http://world wide web.mashery.com/ and programmableweb?

maybe you will find some helpful ressources http://world wide web.mashery.com/solution/collegeboard.html

and http://world wide web.3scale.internet/

i'd use api secrets for statistics and limitation but additionally serve some services with no api key like the search engines do