
Best way to generate API key

ramesh maredu
Ranch Hand

Joined: Mar 15, 2008
Posts: 210

Hi All,

Currently we have a web application, and we want to extend the same for mobile, so we are planning to use a token to validate users to access APIs. What is the best way to do it? I thought of using a UUID generated based on the user name; is that the right approach? How about using OAuth? Could someone suggest?

Thanks,
Ramesh


SCJP 1.5 94%.
The greatest glory in living lies not in never falling, but in rising every time we fall.
Winston Gutkowski
Bartender

Joined: Mar 17, 2011
Posts: 7063
    

ramesh maredu wrote: Currently we have a web application, and we want to extend the same for mobile, so we are planning to use a token to validate users to access APIs. What is the best way to do it? I thought of using a UUID generated based on the user name; is that the right approach? How about using OAuth? Could someone suggest?

Well the main token-based security system that I know of is Kerberos (although it's been a while since I was in that line of business). What do you currently use, and why don't you think it would be any good for a mobile? I presume that any user is still going to have to enter a name/password somehow.

Winston


Isn't it funny how there's always time and money enough to do it WRONG?
Articles by Winston can be found here
ramesh maredu
Ranch Hand

Joined: Mar 15, 2008
Posts: 210

Currently we have a web application built using Struts 2. When a user enters his credentials, we fetch the user information and save it in the session for further reference. Here cookies are used for session management; to continue using the same without any changes, a cookie has to be set in the mobile app every time they invoke the Struts 2 API, which returns a JSON response.

Well, the actual idea is to use a RESTful API rather than invoking the web URL directly to get the response in JSON format, so the same API can be used by the web UI and the mobile app. To check the API invoker's identity, I thought of using an API key, which is a UUID generated from his username and password.
thomas brian
Greenhorn

Joined: Apr 19, 2012
Posts: 16

I would use a completely random hex code. I would seriously avoid hashing the username & password; that leaves all your users vulnerable to a dictionary attack.
 