RESTful API where to place the authorization key

I am creating a Laravel based api targeting portable devices. I have read many articles on how to properly secure data and transfers.

This is the action I am taking to protect:

Submit data to the domain https

usingTLS
Unique API key for each device
Unique Tookens that are restored from time to time.
The received file is used to encrypt data using hmac-sha1

So, I have 2 questions left:

Should I send the API key in the header for example X-Authorization

? Or add it to all of my POST / GET / PUT / DELETE in encrypted data with hmac-sha1

?
Any big difference between the above two ways?

I am mainly based on this tutorial: http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/ And another question related to SO issue

PS If there is anything that you think I can improve, please let me know!

+3

security authentication rest api api-key

Alex Jan 31. At 16:45

source to share

No one has answered this question yet

Check out similar questions:

5153

PUT versus POST in REST

3861

What is RESTful Programming?

2480

How do I send JSON data using Curl from terminal / command line to Test Spring REST?

1198

SOAP vs REST (differences)

731

Best Practices for Securing REST API / Web Service

671

RESTful authentication

557

Authentication versus authorization

176

Building an API for Mobile Applications - Authentication and Authorization

52

REST API Authorization and Authentication (web + mobile)

ten

REST API Key Generation Strategy

All Articles