0

I'm creating an API that will let games communicate with the user information and score submission to my server. I'm using an API script from http://www.gen-x-design.com/archives/create-a-rest-api-with-php/

What it doesn't talk about the api key (or tokens for that matter). But in getting the data that's sent from the game ie: I want the users to log in from the game. He (the guys whose example I'm using in the link above), says not to use the method he used in the script in a real app to get the data.

What's the best way to get the data. Which are

key, gameid, email, password

Here's the script

$data = RestUtils::processRequest(); switch($data->getMethod) { case 'get': // retrieve a list of users break; case 'post': $user = new User(); $user->setFirstName($data->getData()->first_name); // just for example, this should be done cleaner // and so on... $user->save(); break; // etc, etc, etc... }
Improve this question

2 Answers 2

Reset to default
1

You should take a look at oAuth or perhaps Digest auth.

http://oauth.net/

http://en.wikipedia.org/wiki/Digest_access_authentication

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Usually you would have the user log into the service securely and get a one time token or password (OTP). This token can then be encrypted and passed back and forth as needed.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.