APIs: A Strategy Guide

by Daniel Jacobson, Greg Brail, Dan Woods
December 2011
Beginner to intermediate
146 pages
4h 14m
English
O'Reilly Media, Inc.
Content preview from APIs: A Strategy Guide

Chapter 6. API Security and User Management

Formulating effective API security is a critical design decision, as well as an ongoing operations imperative. This is an important subject, addressed in many books with a broader scope than ours. This chapter is by no means a definitive survey of Internet security techniques. Here we highlight the security issues and techniques that apply to designing and operating APIs specifically.

The security models you choose are an important characteristic of your API and must be appropriate for the business. If your API deals with sensitive finance data over public networks, stronger security measures will be required than if your API simply passes data around for a private audience on a protected network.

The operative questions for designing your API security framework include:

  • What assets are you trying to secure? How much security do you need to secure them?

  • How will the security measures you plan to implement affect the performance of the API? Will they complicate programming against it?

  • Who is using the API? Do you need users to identify themselves before they use applications built using the API?

  • Is it OK if they just identify the application that is running and not the person who is using it?

Very few API providers offer APIs without some form of identification, such as registration for using the API. Most APIs employ one or more of these basic security techniques:

Identification

Who is making an API request?

Authentication

Are they really ...

ISBN: 9781449321628