I am building a cloud application using MySQL and PHP, where the database and PHP script will reside on the server. I wanted a feasible solution where I could remotely handle all the requests and perform CRUD operations from a client machine to the server machine. Here is the logic I could think of:
a) Generate and implement API key logic for every user.
b) Check the API key for granting access.
c) Create a special URI for CRUD operations which will handle and process all database requests.
d) With the help of XML or JSON, echo out the error or success message.
As my application is meant for private usage by a few users, I would like to know if it is vulnerable if I design it this way, or is there any other way around?
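
Steps a) to d) above, as an added PHP example that is not part of the original question. The table names, the `notes` resource and the function names are assumptions, and in-memory SQLite (via PDO) stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);
// Added example. Table names and the "notes" resource are constructed;
// in-memory SQLite stands in for the MySQL server so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE api_keys (user_id INTEGER PRIMARY KEY, key_hash TEXT NOT NULL UNIQUE)');
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY AUTOINCREMENT, user_id INTEGER NOT NULL, body TEXT NOT NULL)');

// (a) Issue a key: 256 bits from the CSPRNG; only its SHA-256 hash is stored.
function issueKey(PDO $pdo, int $userId): string {
    $key = bin2hex(random_bytes(32));
    $pdo->prepare('INSERT INTO api_keys (user_id, key_hash) VALUES (?, ?)')
        ->execute([$userId, hash('sha256', $key)]);
    return $key; // returned to the user once, never stored in clear
}

// (b) Map a presented key to its user id, or null if unknown.
function authenticate(PDO $pdo, string $presented): ?int {
    $stmt = $pdo->prepare('SELECT user_id FROM api_keys WHERE key_hash = ?');
    $stmt->execute([hash('sha256', $presented)]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// (c) + (d) One CRUD entry point; returns [HTTP status, JSON-ready array].
function handle(PDO $pdo, string $method, string $apiKey, array $in): array {
    $userId = authenticate($pdo, $apiKey);
    if ($userId === null) {
        return [401, ['status' => 'error', 'message' => 'invalid API key']];
    }
    if ($method === 'POST' && is_string($in['body'] ?? null)) {
        $pdo->prepare('INSERT INTO notes (user_id, body) VALUES (?, ?)')
            ->execute([$userId, $in['body']]); // bound parameters, no string-built SQL
        return [201, ['status' => 'success', 'id' => (int) $pdo->lastInsertId()]];
    }
    if ($method === 'GET') { // rows are scoped to the key's owner
        $stmt = $pdo->prepare('SELECT id, body FROM notes WHERE user_id = ?');
        $stmt->execute([$userId]);
        return [200, ['status' => 'success', 'notes' => $stmt->fetchAll(PDO::FETCH_ASSOC)]];
    }
    return [400, ['status' => 'error', 'message' => 'unsupported request']];
}

// Constructed requests; a deployment would read these from the HTTPS request.
$key = issueKey($pdo, 1);
foreach ([['POST', $key, ['body' => "it's a note"]], ['GET', $key, []], ['GET', 'wrong', []]] as [$m, $k, $in]) {
    [$status, $json] = handle($pdo, $m, $k, $in);
    echo $status, ' ', json_encode($json), PHP_EOL;
}
```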