How do I generate app id and api key for a new REST API

I want to expose some data using a REST API, and use an App ID and API key is an option I want to explore. But how do I generate those? Should I just use a random string generator? 

Rank: #55

Hi Adina,

It's up to you how do you define these keys.

One of the most common patterns to establish authentication in web services is with JWT which in OutSystems you can setup using the JWT Forge component.

I would imagine you have a backoffice where you can register a subscriber and generate a key for those.

But in the end, if you're not following a protocol, you can define your one authentication method. I have also integrated with services which using functions like, for instance, GenerateGuid() and / or using functions like ComputeHash from CryptoAPI to make it less human-readable:

And then you can check on your service the Token provided against your database before doing the requested operation or sending a 401 if it it is not a valid token.