September 2017
Intermediate to advanced
244 pages
6h 44m
English
It is also a good idea to limit the scope of the access token to avoid problems if some one unauthorized has got the token. Also, if a service is being provided to a client-side application that is not specific to some user or access, then it should still have some sort of API key, by which we can identify who is asking for information. So, if there is a suspicious attempt to access an API endpoint with some API key, we can simply revoke the specific API key, so it will be no longer valid for future requests. It is only possible if there are multiple API keys having the limit access level.
Read now
Unlock full access