When it comes to releasing a commercial API, authentication is key. On the one hand your users will want to feel secure, since they are paying. On the other hand you will want a lightweight solution, because you are the one developing and maintaining it! Plus you want it to be as easy as possible for third-party developers to write a client, and we all know how tedious it is to implement yet another custom request-signing scheme!…

In such a context, we at Moodstocks like to look for open standards with robust specifications and wide adoption. And luckily, we found one. It's called Digest Auth (HTTP Digest Access Authentication, specified in RFC 2617), and it's cool!

It provides a decent security level out of the box. A server-issued nonce lets the server detect replayed requests, provided it checks the nonce-count (nc) the client must increment and expires old nonces. And the MD5-based response means your secret key is never sent in plaintext over the network: only a hash of the key, the nonce and the request goes over the wire. Two caveats a practitioner should keep in mind: MD5 here is a hash function, not encryption, and the scheme only protects the credential, not the rest of the request, so for a paid API you still want TLS on top of it; and the server-side hash (HA1) is password-equivalent for that realm, so it must be stored as carefully as a password. On both the client and server side you will find open source software in your favorite language that already implements it. Even your browser can act as a client: that's handy!
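To make concrete what the nonce and the MD5 response actually do, here is a small working model of both sides of the exchange. It is an added example, not Moodstocks' code nor any library's implementation: the server hands out a nonce, stores only HA1 per user, and rejects stale nonces, reused nonce-counts and mismatched digests; the client answers each challenge with an incrementing nc. The realm, user, password and URIs are constructed for the example; the only real values are those of the worked example in RFC 2617 section 3.5, which the block recomputes.

```python
import hashlib
import hmac
import os
import time

# Hypothetical realm for this example; not Moodstocks' real realm.
REALM = "api.example.com"


def md5_hex(s: str) -> str:
    """MD5 hex digest of a UTF-8 string (the hash RFC 2617 mandates)."""
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password). The server stores this, never the password."""
    return md5_hex(f"{username}:{realm}:{password}")


def ha2(method: str, uri: str) -> str:
    """HA2 = MD5(method:uri), the qop=auth form."""
    return md5_hex(f"{method}:{uri}")


def digest_response(h1: str, nonce: str, nc: str, cnonce: str, qop: str, h2: str) -> str:
    """response = MD5(HA1:nonce:nc:cnonce:qop:HA2), the qop=auth form."""
    return md5_hex(f"{h1}:{nonce}:{nc}:{cnonce}:{qop}:{h2}")


class DigestServer:
    """Server side: issues challenges, keeps HA1 per user, checks nonce freshness and nc."""

    def __init__(self, realm: str, nonce_ttl: float = 300.0):
        self.realm = realm
        self.nonce_ttl = nonce_ttl
        self.users = {}   # username -> HA1 (password-equivalent for this realm)
        self.nonces = {}  # nonce -> [issued_at, highest nc accepted so far]

    def add_user(self, username: str, password: str) -> None:
        self.users[username] = ha1(username, self.realm, password)

    def challenge(self, now: float = None) -> dict:
        """Parameters of the WWW-Authenticate header sent with a 401."""
        nonce = os.urandom(16).hex()
        self.nonces[nonce] = [time.time() if now is None else now, 0]
        return {"realm": self.realm, "qop": "auth", "nonce": nonce, "algorithm": "MD5"}

    def verify(self, method: str, auth: dict, now: float = None) -> bool:
        """Check the parameters of an Authorization header; False on any failure."""
        now = time.time() if now is None else now
        rec = self.nonces.get(auth.get("nonce"))
        if rec is None or now - rec[0] > self.nonce_ttl:
            return False  # unknown or expired nonce
        try:
            nc = int(auth["nc"], 16)
        except (KeyError, ValueError):
            return False
        if nc <= rec[1]:
            return False  # nonce-count not increasing: replayed request
        h1 = self.users.get(auth.get("username"))
        if h1 is None or auth.get("realm") != self.realm or auth.get("qop") != "auth":
            return False
        expected = digest_response(h1, auth["nonce"], auth["nc"], auth.get("cnonce", ""),
                                   "auth", ha2(method, auth.get("uri", "")))
        if not hmac.compare_digest(expected, auth.get("response", "")):
            return False  # wrong secret, or method/uri tampered with
        rec[1] = nc  # accepted: remember the count so it cannot be reused
        return True


class DigestClient:
    """Client side: answers challenges with an incrementing nonce-count."""

    def __init__(self, username: str, password: str):
        self.username = username
        self.password = password
        self.nc = 0

    def authorize(self, method: str, uri: str, challenge: dict, cnonce: str = None) -> dict:
        self.nc += 1
        nc = f"{self.nc:08x}"
        cnonce = os.urandom(8).hex() if cnonce is None else cnonce
        h1 = ha1(self.username, challenge["realm"], self.password)
        resp = digest_response(h1, challenge["nonce"], nc, cnonce, "auth", ha2(method, uri))
        return {"username": self.username, "realm": challenge["realm"], "nonce": challenge["nonce"],
                "uri": uri, "qop": "auth", "nc": nc, "cnonce": cnonce, "response": resp,
                "algorithm": "MD5"}


def rfc2617_example_response() -> str:
    """Recompute the worked example of RFC 2617 section 3.5 (a known test vector)."""
    h1 = ha1("Mufasa", "testrealm@host.com", "Circle Of Life")
    h2 = ha2("GET", "/dir/index.html")
    return digest_response(h1, "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b", "auth", h2)


def demo() -> dict:
    """Run a full exchange with constructed credentials; report what the server accepted."""
    server = DigestServer(REALM)
    server.add_user("alice", "correct horse battery staple")  # constructed user
    client = DigestClient("alice", "correct horse battery staple")
    chal = server.challenge(now=1000.0)
    first = client.authorize("GET", "/v2/search", chal)
    results = {"first": server.verify("GET", first, now=1001.0)}
    results["replay"] = server.verify("GET", first, now=1002.0)      # same nc resent
    second = client.authorize("GET", "/v2/search", chal)             # nc=2, fresh cnonce
    results["second"] = server.verify("GET", second, now=1003.0)
    third = client.authorize("GET", "/v2/search", chal)              # nc=3
    tampered = dict(third, uri="/v2/admin")                          # digest no longer matches
    results["tampered"] = server.verify("GET", tampered, now=1004.0)
    fourth = client.authorize("GET", "/v2/search", chal)             # nc=4, but nonce too old
    results["stale"] = server.verify("GET", fourth, now=1000.0 + 600)
    return results


if __name__ == "__main__":
    print(rfc2617_example_response())
    print(demo())
```

The replay check only works because the server keeps state per nonce; a stateless server that merely validates the digest accepts the same request as many times as it is resent, which is the mistake to watch for in hand-rolled implementations.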

Moodstocks API relies on Digest Auth, and we’re really happy about it. Go for it, you will be too!