I'm currently building an API for a very busy internet website. Its being written in PHP with MySQL. Now this is my first API that i'm writing that allows people to access their account remotely. Once the API is online, developers will be able to write their own tools from it.
Now I have the API working, but I'm not sure if its entirely safe.
An example URL that would work is:
USERNAME: would be the users actual username
PASSWORD: would be the MD5 encoded string of their actual password.
If the details match, a result is returned, if not, and error.
$_GET inputs get the
I wanted to keep things simple, but I'm not sure if this way is a SAFE way of having a public API that taps directly into users accounts data.
Ideas and suggestions are much appreciated.