The Latest News On The API Economy
Searching: No Search Term , Filtered By Category: "Security"
The amount of data captured for analysis is increasing all the time. Often this data is fed into multiple systems that need to analyze, process, persist or perform other operations with it. It is important that these systems make sure that sensitive data is identified and redacted.
There are three standard ways to manage API authentication these days: API keys, OAuth tokens and JSON Web tokens (JWT). Adam Duvander over at the Zapier engineering blog explains how and when to use them. The humble API key is the common and earliest form of API authentication.
A researcher has found a vulnerability in the latest version of reCAPTCHA that could let spambots bypass reCAPTCHA fields across millions of sites. The developer has a script that uses Google’s speech recognition API to solve audio challenges associated with the latest version of reCAPTCHA.
Tesla's backbone API suffered a 20 hour outage earlier this week that left the company's keyless driving feature and mobile app monitoring unavailable. While the outage represented more of an inconvenience than a devastation, the vulnerability highlighted the dangers of an API-driven auto market.
CORS is a security mechanism that allows a Web page from one domain to access a resource from a different origin. This article provides an in-depth guide to Cross-Origin Resource Sharing (CORS) for REST APIs, on how CORS works, and common pitfalls especially around security.
The API is at the heart of the technology of every connected person’s daily life. Mark O’Neill, research director at Gartner, presented some of the trends in the API industry at a recent APIDays conference. This article delves into them and how they affect the future of the tech industry as a whole.
Google anti-harrasment project, Jigsaw, launched an API that brings programmatic access to the machine learning and AI technology driving the project. The Perspective API allows third parties like Wikipedia, the New York Times, and others the ability to score online speech for its toxicity level.
Google's fast and scaleable API gateway, Google Cloud Endpoints, is now generally available. Cloud Endpoints is built upon the same services that Google uses to power internal APIs. Cloud Endpoints ensures APIs used within apps on the Google Cloud Platform are monitored and secure
PasswordPing recently announced the launch of its password and credential breach notification service. The service alerts organizations of passwords and credential/password combinations that have been exposed. The service includes API entry points to the service for integration with login screens.
Bugsee recently emerged from stealth mode with its bug reporting and crash analytics tool. Bugsee's primary advantage over most mobile app bug tools is the continuous video capture of user actions. Bugsee syncs video data with log and network data for optimal and quick crash and bug recovery.
Two years ago, there was a growing chorus of voices expressing concern about private API keys finding their way into the public domain thanks in part to careless pushing of code to services like GitHub. Now this problem has spread to mobile apps. The guys over at Hackernoon explain.
Fourteen APIs have been added to the ProgrammableWeb directory in categories including Podcasts, Artificial Intelligence, and Security. Featured today are APIs for fraud detection by Simility, and conversational bots from Amazon Web Services Lex. Here's a rundown of the latest additions.
Stormpath made a name for itself with its backend, REST API that provides registration and authentication. The REST API operates in the backend of an app. As serverless architecture grows in use, a need for a frontend registration and authentication services arose. Enter the Stormpath Client API.
Eighteen APIs have been added to the ProgrammableWeb directory in categories such as Security, News Services, and Payments. Featured today is an API from UtilityScore, a service that provides a score for projected utility costs to interested home buyers. Here's a rundown of the latest additions.
This article is part of a 10-part series about interesting APIs that were added to our directory during 2016. Security and Privacy APIs are covered in this segment. The APIs were chosen by our researchers, by popularity according to website traffic, and by mentions on social media.
Developers commonly generate unique API keys for clients. But how long does an API key need to be to make the chances of a collision smaller than the chance that your computer might be struck by lightning? Fewer than you’d think, argues Sam Corcos, co-founder of SightMaps over at LearnPhoenix.io.
The Node.js Foundation, a community-led consortium to advance the development of Node.js, today announced that the Node.js Security Project will become a part of the Node.js Foundation. The Node.js Security Project will provide a process for discovering and disclosing security vulnerabilities.
Mastercard, a company that once warned that the risks of digital currency outweigh the benefits, has released two new blockchain APIs to promote collaboration and innovation in the digital exchange of value. Through its Mastercard Labs arm, Mastercard has indicated the API release is just the start.
YouMail launched its Spam Risk API. YouMail uses algorithms to analyze a database of hundreds of millions of phone numbers to determine the likelihood a particular phone number is spam. Historical call patterns and crowdsourced data are combined to determine an OK, caution, or danger designation.
Whether you're rolling your own soup to nuts API management solution, or your existing API management technology is missing some of the basics when it comes to API endpoint security, Cloudflare's recently released Traffic Control may have the right combination of features to fill in the gaps.