Security of Web API

Hi,

I'm integrating the LimeLM Web API into our cloud backoffice app and I'm a bit concerned the only security seems to be SSL and the api_key.

Am I being overly concerned or is there some additional security I can apply? (Basic, Oauth1.0/2.0??

CheersSteve

HTTP Basic Auth / Oauth 1 or 2 and the dozen or so spinoffs provide no useful benefit over an API key over HTTPS, especially for the use case of the web API.

Just a few things you should note: an API key should never be embedded inside an app that the customer will have access to the binary and/or source code.

But other than that you'll be fine.