Currently, I am creating a
WebAPI
rest services. These services will be called from different client and all clients are having their API Keys, like:
A: APIKeyA
B: APIKeyB
C: APIKeyC
with these API keys Resources are something like:
www.example.com/GetAccount/?APIKey=APIKeyA
and so on. In our services we are checking APIKeys and validated the client requests. But, we need to rid-off these API Keys.
and our Resources would be:
www.example.com/GetAccount/
Now, issue is after removing APIKeys how we make sure that request is authenticated, as any one can request with above Resource/url.
How we can make this service as secured service?