APIs are core to digital business—assembling data, events, and services from within the organization and across devices. With organizations moving more of business online, those APIs are being exposed to externalities, whether to other departments, customers, or enterprises in their partner network.
- Articles (46)
- APIs (27)
- Mashups (3)
- SDKs (87)
- Libraries (1)
- Source Code (15)
- Followers (2)
- Developers (3)
OAuth Api Articles
The following is a list of ProgrammableWeb articles that matched your search term. On an nearly 24/7 basis, ProgrammableWeb publishes new articles ranging from news to opinion to tutorials for both developers and API providers. All of our articles are categorized in such a way that you can find your way to related articles, APIs, SDKs, Libraries, Frameworks, Tutorials and Sample Source Code. If you have an interest in contributing any of the aforementioned content to ProgrammableWeb, be sure to read our guidelines for such contributions.
Google announced in December of 2019 that it will soon require that third-party applications support OAuth 2.0 as a connection method for access to G Suite data. In June 2020 Google will begin denying access to users that attempt to login to less secure apps (LSAs).
Imperva, a company that provides application security solutions, recently announced that they had experienced a data breach that exposed user’s email addresses, scrambled passwords, API keys, and SSL certificates. In addition, the company's API security standards raise concerns.
OAuth Newbies can find it tricky initially. In this tutorial you’ll learn how to get started with OAuth 2.0 while avoiding all the fiddly parts around handling tokens. The folks over at Insomnia will show you how to authenticate an API client for the GitHub API with OAuth 2.0 and the Insomnia app.
Single Sign On is a mechanism that creates the feeling of a single ecosystem across multiple services for a user by sharing key elements of an identity. SSO can provide users with a better experience and can result in cost savings. This article looks at how Intuit implements OpenID 2.0 as their SSO.
This is part 3 of our series on the U.S. government's Green Button API initiative. In this part, we will describe the building blocks of Green Button technology and how they respond to the project requirements with respect to authorization of access to data provided to third parties.
This is part 4 of our series What is The Green Button API initiative and How It Took OAuth To An Entirely New Level. In this part we explain the structure of Green Buttons’ scope parameters and illustrate the data exchanges and protocol used to implement Green Button’s scope negotiation.
Most web services available to developers have been inaccessible to Connect IQ developers because they use OAUTH to provide access control, and this functionality did not exist in Connect IQ. Connect IQ 2 added new OAUTH APIs opening up Connect IQ apps to many of the APIs available on the web.
ProgrammableWeb tests reveal how a free app from Google's App Store makes it possible to reverse engineer secure traffic between mobile apps and the services they call home to.
APIs managed by Mulesoft’s Anypoint Platform for APIs can now be automatically included under the umbrella of organizational access control and authentication governed by OpenAm.
In its latest API partnership, Walgreen Co. hopes that rewarding customers with points for measuring their blood pressure will inspire more loyalty.
As Pinterest endures its second attack in as many weeks, Twitter is subsequently auto-flooded with fake weight-loss posts that are designed to lure followers into a trap that could expose personal information and account credentials. For its part, Pinterest's lack of transparency regarding the matter stands in contrast to industry standard best practices for such breaches.
An untold number of Pinterest users were breached on June 4, 2014 as a part of a sophisticated attack designed to skim confidential information from their Facebook friends and Twitter followers. So far, Pinterest has failed to fully remedy the situation or even acknowledge that the attack happened.
While developers have traditionally had a love-hate relationship with Facebook over the years, a new survey suggest that at least for the moment, developers want to be friends with Facebook more than ever.
It seems at every API conference, there is a new feature being released by the team at OAuth.io. In October, at API Strategy and Practice in San Francisco, OAuth.io released a mobile SDK. Now after APIDays in Paris, OAuth.io has released a 'code request' feature to abstract usage tokens in the authentication process. Co-Founder Mehdi Medjaoui spoke with ProgrammableWeb about the service that provides a unified API for any OAuth implementation.
One of the more problematic elements of building any application is managing end user identities. Writing the code to manage who gets to access any given application not only is time consuming; it doesn’t usually add much in the way of unique value to the application.
API middleware is emerging as a key new industry segment in the API economy with at least two launch announcements expected today (including one at DataWeek) from services offering middleware tools to API developers. Meanwhile, in an exclusive for ProgrammableWeb, Webshell.io founders share details of their API integration platform interface, and discuss why trust is the principal currency in the API economy.
A few months ago, ProgrammableWeb announced the release of Heroku’s Platform API, which allowed developers to integrate the Heroku platform with third party applications and services. Now, Heroku has launched a public beta for OAuth 2.0 support for the Platform API. OAuth 2.0 support allows developers to control service needs as opposed to offering full service access to all user accounts.
OAuth is becoming a very popular way to control authorized access to Web APIs and the data that they return. Although it's one of the most straightforward ways to accomplish this, it's still rather confusing to use. If your API uses OAuth, then you need to be able to describe it so that developers can quickly understand what they need to do.
While testing out a new tool I'm working on that uses a variety of OAuth2 providers and thought I’d catalog some of the quirks I came across. This is just for the authorization flow, not for actually making requests once you’ve secured a token. Now that the OAuth2 spec is solidified we should start seeing less and less of these issues.
The Cloud Security Alliance Summit brought together a panel of security experts on February 27 in San Francisco to examine the threats posed by API and cloud-based computing. But rather than providing guidance on how to mitigate security risks they focused instead on the uncertain nature of security in an environment that is increasingly dominated by applications that use APIs to transfer data across the cloud.
Stereomood is a streaming music service that gives recommendations. To start, it uses a list of moods, each of which have an associated playlist. While playing songs, users can like or ban songs, much like Last.fm or Pandora. The Stereomood API allows full access to the site's functionality to developers, allowing developers to make fully usable clients on any platform.
When programming a web application, security is often a prime concern. If you've read my previous articles, you've often seen me comment on how secure an API is, as many of them are pretty secure, but many of them are not. When working on a cool application, often security is something you don't really want to spend that much time thinking about, which is why Layer 7 recently released an OAuth toolkit.
Podio is a web service that aims to provide a customizable online workplace. There are a lot of apps, and you can set up and position your dashboard as you please. However, sometimes the app you want isn't in the set. In that case, they also offer the Podio API to code your own custom apps for use within your Podio workspace.