As far as I understand the API model of Google, Amazon, etc., this is what happens: a user requests a new API key to be generated and informs Amazon of his username there. Then, whenever he makes API calls with his key, Amazon will know who's making the call and can gather statistics, charge per usage, enforce permissions, etc.

If I understand how Services works today, the API key isn't used to identify a user, but just to allow or refuse the call. Although a call to user.login() would fix the authentication part, I think that associating API keys to specific users would put the whole Services feature more in line with the state of the art in this domain, in addition to simplifying life for Services clients.

Thanks for considering this.

Comments

marcingy’s picture

marcingy commented
Version: 5.x-1.x-dev » 6.x-1.x-dev

This feature will be considered for drupal 6 version.

marcingy’s picture

marcingy commented
Status: Active » Closed (duplicate)
lee20’s picture

lee20 commented

@marcingy When you mark an item as a duplicate it is quite handy if you link to the original!

marcingy’s picture

marcingy commented

This issue is 2 years old, 6-x-1 is dead and 6-x-2 is feature and 6-x-3 no longer uses keys. It was a duplicate of feature that was considered and rejected and is something that will never be supported in service core.

lee20’s picture

lee20 commented

I figured that part out.. no thanks to this thread..

But your #4 comment may help the next person who stumbles upon this thread wondering about Key Auth.