I'm looking for suggestions about a RESTful API design. I've read a lot about REST API schemes, ways of authentication/authorization etc. What I can't decide is if I really need to use API keys. From what I understand using API keys is useful if you want to monitor the usage, limit each application's requests and for statistical data.
What I want to avoid is having to create additional web interfaces for adding/managing/removing applications and adding/removing application administrators. Maybe there's a simpler way to do the API key distribution. Or do I really need those? I mean, monitoring and limiting the usage is cool and sounds useful but does it deserve the other things I need to make for keys distribution.
To be more specific my website is something like slideshare and scribd. I want to give API access to its functions like adding and managing documents and getting information about users. So for example to upload a file you need to somehow authenticate and use a specific account to do it. In this case is an API key a requirement or I can just stick with authenticating users?
So what do you think is the best way for me to handle API keys? Or should I use them at all? Is there a more clever way to distribute (create, remove) the keys?
well do you know mashery http://www.mashery.com/ and programmableweb?
maybe there are some useful ressources http://www.mashery.com/solution/collegeboard
i would use api keys for statistics and limitation but also serve some services without an api key like google does
You can create easily APIs with solutions like
Restler http://luracast.com/products/restler/
Frapi http://getfrapi.com/
The Datatank http://thedatatank.com/
Services (just for Drupal) http://drupal.org/project/services
there are some more: http://blog.programmableweb.com/2011/09/23/short-list-of-restful-api-frameworks-for-php/