Codeigniter auth key for REST service
If you are familiar with other APIs you'll notice a common pattern. I recommend an authenticate method where the user passes their email and password, which will return a generated unique auth key. The auth key would be like a session id, think of how cookies work. Then all the other API methods should check $this->post('auth') and you need to compare this with your session handler (i.e. database or sessions), before you process each request.
Seems like a lot of code huh? Nope.
All your models should have an overloaded constructor:
class MyAPIController extends Rest_controller{ public function __construct() { parent::__construct(); if(!authCheck($this->post('auth'))){ returnFailedResponse(); exit(); }}
Then write you API normally, like in the examples on Phil Sturgeon's website.http://net.tutsplus.com/tutorials/php/working-with-restful-services-in-codeigniter-2/
Make a model that has authCheck to test that the auth key is valid, and make a method for returnFailedResponse to return a 401 Unauthorized.
In another controller, lets call it 'Auth', use the above contructor.
Now every call to your api should set a header for the Auth. Ex. 'Auth: 12m34k23b'.