WCF REST Service with API Key

This template demonstrates how you can implement APIKey Verification for your REST services to learn more

1. Debug the application and click the links in default.htm
2. Watch endpoint.tv - How to Do API Key Verification with a WCF WebHttp (REST) Service
3. Read How to do API Key Verification for REST Services in .NET 4

Why Use API Keys?

Most public web services use API Keys as a means to control access. This provides you with a way to revoke the key of a malicious or malfunctioning application that is causing problems with your service.

Implementing API Keys

Callers that want to invoke your service will need an API key. You will have to create a mechanism for issuing and revoking, storing and retrieving API keys.

Modifying this template

1. Modify the APIKeyRepository class to obtain the keys from your store. This example retrieves keys from App_Data/APIKeys.xml
2. For enhanced scalability consider caching the key list using the local cache or Windows Server AppFabric caching for distributed caching across a web farm
3. Modify the HTML response returned when an API Key fails validation - the HTML returned is defined as the constantAPIKeyAuthorization.APIErrorHTML