I've been reading up on REST and there are a lot of questions on SO about it, as well as on a lot of other sites and blogs. Though I've never seen this specific question asked...for some reason, I can't wrap my mind around this concept...
Thanks and Regards, Raghvendra Pratap Singh
"Quality means doing it right when no one is looking"
That is what SSL (aka TLS, aka HTTPS) is for. It is designed to prevent "man in the middle attacks" (MITM) where someone can snoop and see your passwords, API keys, etc.
However, it's recently been made public that a fair number of smartphone browsers have deliberate MITM even when you use SSL. This is a disaster, because it breaks the architectural assumptions made when SSL was designed. Worse, it's teaching consumers that it is OK to have some unknown company have the ability to snoop all of your data. Not only your passwords, but your bank and credit card account numbers, etc.
I'm always boggled by the deliberate and willful uses where vendors break what the consumers think is security.
subject: REST authentication and exposing the API key