I'm currently in the development phase of writing my own RESTful API, but I'm having a bit of trouble finding information/tutorials on how to handle API keys. My Google searching only brings me to canned examples of REST, but without any mention or examples of how keys can/should be created/stored/used.
Any links to quality tutorials and/or best practices would be greatly appreciated.
Try Brian Mulloy's posting at
API Design: Deciphering Security
https://blog.apigee.com/detail/api_design_deciphering_security
Which also links to Greg Brail's OAuth implementation overview at
OAuth: Implementing OAuth 2.0
https://blog.apigee.com/detail/oauth_implementing_oauth_2.0