OAuth

Technology
by Greg Brail May 29, 2013
The question of whether OAuth is an effective mechanism for securing back-end resources comes up from time to time. Recently, an API developer asked whether OAuth is the right solution to secure an API that he plans to make available for mobile app development. All great questions to ask as you consider opening up your API. My take is as follows: If you are working on an API that will be used by third-party developers, then there is no magic bullet that will prevent developers from using your API in bad ways. However, I think that OAuth 2.0 helps you reduce the risk.
Digital Business
by Jen Mazzon Oct 17, 2012
Today we released a scheduled update for the Apigee API Platform, which gives free open access to the same enterprise-grade API Platform used by industry leaders like Walgreens, eBay and AT&T. This update delivers the following new features and improvements: ability to understand your API traffic by location, approve keys for apps either automatically or manually, get performance metrics by API resource, a 200% improvement in OAuth performance, and more.
Technology
by Greg Brail Aug 16, 2012
Thanks to all for your interest and participation in our OAuth 2.0: Don't Throw the Baby Out with the Bathwater Webcast on August 2nd. You'll find the video and slides here. There were several questions that we didn't get a chance to address in the hour so we'll follow up on them here. And we'd love to continue the conversation over on the API Craft Google group.
Technology
by Helen Whelan Aug 06, 2012
Thanks to all who participated in last week's Webcast, "OAuth 2.0: Don't Throw the Baby Out with the Bathwater." In the wake of Eran Hammer's resignation from the OAuth 2.0 working group, @gbrail and @edanuff discussed the usability of OAuth 2.0 for your APIs, identifying problematic areas of the spec and understanding how to avoid them, and why rolling back to OAuth 1.0 or "rolling your own" is not a great idea. The video and slides for the session are below. There were some questions that we didn't get a chance to address during the hour so we follow up on them here. We'd love to continue the discussion on the api-craft forum.
Technology
by Greg Brail Mar 13, 2012
OAuth - The Big Picture
OAuth has become standard practice for large social media APIs and it's becoming common across enterprise APIs. OAuth is good for your customers' security and experience making is critical if you want adoption on your API. Over the past year, we've been talking OAuth with some of the leading API teams around the globe as they design their API security strategies. These interactions have helped us build and refine our perspective.
Technology
by Greg Brail Feb 16, 2012
In a recent OAuth post, we recommended that if your API can require HTTPS, use OAuth 2.0. Otherwise, use OAuth 1.0a. How should you use OAuth 2.0? There are three types of credentials in OAuth 2.0: bearer tokens, MAC tokens, and SAML. What are they and which should you use? Then what about 2-legged vs. 3-legged OAuth?
Technology
by Greg Brail Feb 15, 2012
In the previous few blog posts, I’ve talked about what OAuth is and when and why I recommend it. This time, let's explore some of the reasons why OAuth is more cumbersome and complicated for developers than plain passwords, as well as some recommendations to help you make the decision between OAuth 2.0 and 1.0a.