So let's say I have "site1.mysite.com", "site2.mysite.com", etc. I want people (developers) to access some of the data via PHP generated JSON, but I also don't want to have to set up user accounts, sign ins, blah blah blah.
I don't want it to be open for "everybody".
What I started doing was this:
Users need to add "&user=somethingigivethem" and "key=somethingelseigivethem". These are values I provide to the user.
The key is currently the MD5 hash of the "user" and something like "53CR37P$%%" so basically:
$key_validator = md5($_GET['user'].'53CR37P$%%');
if($_GET['key'] === $key_validator){
//show JSON
} else {
//show error
}
Are there any major flaws in doing it this way?