WCF REST Service with API Key Verification

This template demonstrates how you can implement API key verification for your REST services. To learn more:

  1. Debug the application and click the links in default.htm
  2. Watch endpoint.tv - How to Do API Key Verification with a WCF WebHttp (REST) Service
  3. Read How to do API Key Verification for REST Services in .NET 4

Why Use API Keys?

Most public web services use API Keys as a means to control access. This provides you with a way to revoke the key of a malicious or malfunctioning application that is causing problems with your service.

Implementing API Keys

Callers that want to invoke your service will need an API key. You will have to create a mechanism for issuing and revoking, storing and retrieving API keys.

Modifying this template

  1. Modify the APIKeyRepository class to obtain the keys from your store. This example retrieves keys from App_Data/APIKeys.xml.
  2. For enhanced scalability, consider caching the key list using the local cache, or Windows Server AppFabric caching for distributed caching across a web farm.
  3. Modify the HTML response returned when an API Key fails validation - the HTML returned is defined as the constant APIKeyAuthorization.APIErrorHTML
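
One way to apply steps 1 and 2, as an added example that is not the template's own code: a repository that caches the key list in the local cache and evicts it when the key file changes, so a revoked key stops working without a restart. The IsValidAPIKey method name, GUID-valued keys and the <APIKeys><Key>...</Key></APIKeys> file layout are assumptions; the project needs a reference to System.Runtime.Caching.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.Caching;
using System.Web.Hosting;
using System.Xml.Linq;

// Added example. Assumed: the IsValidAPIKey name, GUID keys, and a key file
// shaped like <APIKeys><Key>GUID</Key>...</APIKeys>.
public static class APIKeyRepository
{
    private const string CacheKey = "APIKeyRepository.Keys";
    private static readonly object LoadLock = new object();

    public static bool IsValidAPIKey(string key)
    {
        Guid parsed;
        // Reject missing or malformed keys before touching the store.
        if (!Guid.TryParse(key, out parsed))
            return false;
        return GetKeys().Contains(parsed);
    }

    private static HashSet<Guid> GetKeys()
    {
        var cache = MemoryCache.Default;
        var keys = cache.Get(CacheKey) as HashSet<Guid>;
        if (keys != null)
            return keys;

        lock (LoadLock) // only one request reloads the file after an eviction
        {
            keys = cache.Get(CacheKey) as HashSet<Guid>;
            if (keys != null)
                return keys;

            string path = HostingEnvironment.MapPath("~/App_Data/APIKeys.xml");
            // Guid.Parse throws on a malformed entry, so a corrupt store fails closed.
            keys = new HashSet<Guid>(XDocument.Load(path)
                .Descendants("Key").Select(e => Guid.Parse(e.Value.Trim())));

            // Upper bound on how long a revoked key can stay cached.
            var policy = new CacheItemPolicy { AbsoluteExpiration = DateTimeOffset.UtcNow.AddMinutes(5) };
            // Evict as soon as the key file changes, so revocation is immediate.
            policy.ChangeMonitors.Add(new HostFileChangeMonitor(new List<string> { path }));
            cache.Set(CacheKey, keys, policy);
            return keys;
        }
    }
}
```

With a database or a distributed cache instead of the file, there is no file change to monitor, so the expiration time becomes the longest a revoked key can keep working on any node.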

Watch Out

This APIKeyAuthorization behavior will apply to all services in the web site using the web.config provided, because it uses a behavior without a name, making it the default behavior for all services (including SOAP services). Typically that is what you want, but if you need different behavior you can name this behavior configuration and selectively apply it.