I am using PHP/CodeIgniter and Tank_Auth library for authentication both on site.com and via the API, and a very basic REST API from Phil Sturgeon.
Right now when a user fills in username/password on Site1. It makes an API call like so:
http://site2.com/api/index/authenticate?username=jdoe&password=123456
On Site2.com: index/authenticate uses tank_auth library to compare username/password to what is stored in the database.
My Question: Is there a standard to encrypt the password during submission and then decrypt on the other side? Or would an SSL certificate be sufficient?