I'm exploring the possibilities that comes to securing an API. I would like to have a predefined key, so i could compare them and give access.
The API is going to communicate with native mobile apps (iOS). So with the predefined key inserted in the app, compare the key against the key in the API when succeeded, then give limited read access (only what is necessary).
But I want also build an CMS on top of this API and set an other key so the API gives this request write access.
I want to put those API keys in a custom http header, and let Node.js handle the authorisation based on those keys.
What do you think about such a solution?