So far when searching through the forums and quite poor documentation of Yii, I cannot find proper information about Web Services.
I have created a web service which another web service (using another platform) can connect to. So far so good. But the only thing I can find about web service authentication in Yii is when the web service is to be consumed through a website.
I’m thinking of a two level security:
a. For each request sent by the client, a username and password are sent together with the data. This is done via SSL to ensure the traffic is encrypted.
b. The client has to authenticate using a certificate in order to even be able to send anything.
My questions to you are:
-
Is this two level approach secure enough?
-
Where can I find examples or tutorials of best practices regarding this approach?
Please help me!