API key authentication and user authentication best pratice

Can someone guide me on the best practice for this situation;

I have a REST service which developers can access with an API KEY. (I have this working in the WCF WEB API), so this part is done.

I would like developers to be able to validate a USER. i.e. use REST to check the username and password entered by a user.

Each of the end point methods only needs API KEY authentication, rather than basic authentication on the method call (if you see what I mean).

How should I best implement this?

Phil.

Solution

To securely send password data to a RESTful service you will need to secure communications across http. There are loads of ways to do this, see this post here: How to secure RESTful web services?

XML Serializer not creating attributes
The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'Negotiate,NTLM'
Unauthorized with client authentication scheme NTLM
Is .NET Remoting really deprecated?
System.ServiceModel not found in .NET Core project
WCF Test Clinet - Can't Edit Config File
Error message "WCF Service Error 413 Entity Too Large"
BizTalk 2020 WCF-Sql Polling Receive Location no Response
Why does the ASP.Net MVC model binder bind an empty JSON array to null?
Is this use of using an appropriate way to dispose of resources being that a DataSet is returned in a WCF method?
Explicit SSL / TLS version selection
SOAP service - Cannot convert source type [Something[]] to target type [Something]
DTOs. Properties or fields?
Adding WCF proxy class hides Visual Studio project reference
WCF WebInvoke with query string parameters AND a post body
Caching plaintext passwords in memory of WCF service
The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'NTLM'
WCF InvalidOperationException: A binding instance has already been associated to listen URI
Remove root element from MessageHeader
How can I get data from a scale into a web application?
How to solve "Could not establish trust relationship for the SSL/TLS secure channel with authority"
Querying eBay API with WCF
Is the thread blocked when doing database operation?
Could not find an implementation of the query pattern
Periodically - Unable to translate Unicode character X at index Y to specified code page
Remote monitoring design
UWP: how to optimize synchronization between WCF WebServices and SQLite through async calls
Visual Studio states that there is an ambiguous call, when there's only a single method with the given name
Using C# NetTCPBinding and WCF, How Do I Get the Port the Client is Connecting From for Same Machine TCP Communication?
Controlling Namespace Prefixes in WCF XML Output