[jbrendel]

Exactly. Have a look here for some information on how to do this: http://www.thebuzzmedia.com/designing-a-secure-rest-api-with...

[Bjoern]

This article also inspired me to lockdown my own API I designed, its really good advice. The question is only, they wanted to provide a very simple interface, what is the right trade-off security vs. developer UI?