I was asked to make a WordPress site where the user puts some votes for a list of guys, and then sends this data to a web service which saves the vote in another database.
Before sending the data, the WordPress site asks to log in and the user logs in with Facebook.
The web service has a restriction where a given user can only vote once within 24 hours.
They asked me to secure the web service and I thought about using an API key configured in the WordPress set and sending the form post with the API key in the header. I don't have users in the web service.
Is this the correct way? Could you explain to me, point by point, how you would do it?
Thanks
EDIT
If the web service is configured to use https then any data sent to it would be encrypted.
You will want to make sure any requests to the web service only come from authenticated users, though. If the user is authenticated to the WordPress site, are you using cookies or a session id that the web service can also use to authenticate the user?
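
A sketch of the check on the web-service side, combining the API key from the question with the 24-hour rule. It is an added example, not part of the original posts; the `X-Api-Key` header name, the `user_id` and `candidate` fields, and the in-memory store are assumptions, with `user_id` taken to be the Facebook user ID that WordPress obtained at login.

```python
import hashlib
import hmac
import time

# Constructed sample secret; a real service would load it from its configuration.
API_KEY = "constructed-example-key"
VOTE_WINDOW_SECONDS = 24 * 60 * 60

# user_id -> time of the last accepted vote (in-memory stand-in for the database).
_last_vote = {}


def _key_matches(presented):
    # Hash both values and compare in constant time, so response timing
    # does not reveal how much of a guessed key was correct.
    a = hashlib.sha256((presented or "").encode()).digest()
    b = hashlib.sha256(API_KEY.encode()).digest()
    return hmac.compare_digest(a, b)


def handle_vote(headers, body, now=None):
    """Return (http_status, message) for one vote request."""
    now = time.time() if now is None else now

    # 1. The key proves the request came from the WordPress server.
    if not _key_matches(headers.get("X-Api-Key")):
        return 401, "invalid API key"

    # 2. The service has no users of its own, so WordPress must forward
    #    the identity of the logged-in voter (assumed field: user_id).
    user_id = body.get("user_id")
    candidate = body.get("candidate")
    if not user_id or not candidate:
        return 400, "user_id and candidate are required"

    # 3. Enforce one vote per user per 24 hours on the service side.
    last = _last_vote.get(user_id)
    if last is not None and now - last < VOTE_WINDOW_SECONDS:
        return 429, "already voted in the last 24 hours"

    _last_vote[user_id] = now
    return 200, "vote recorded"
```

The key authenticates the WordPress server, not the individual voter, so the request has to be sent from WordPress server-side code over HTTPS; a key placed in the browser-side form is visible to every visitor.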