OAuth APIs

Why You Should Re-evaluate the Strength of Your API Security
API University

APIs are core to digital business—assembling data, events, and services from within the organization and across devices. With organizations moving more of business online, those APIs are being exposed to externalities, whether to other departments, customers, or enterprises in their partner network.

Analysis

Pubudu Gunatilaka

Security, Authentication, OAuth

04-29-2020

Google to Require OAuth 2.0 Application Support for G Suite Access

Google announced in December of 2019 that it will soon require that third-party applications support OAuth 2.0 as a connection method for access to G Suite data. In June 2020 Google will begin denying access to users that attempt to login to less secure apps (LSAs).

Brief

Kevin Sundstrom

Security, OAuth

01-13-2020

Imperva Breach is Another Reminder That API Keys Alone Cannot Secure APIs

Imperva, a company that provides application security solutions, recently announced that they had experienced a data breach that exposed user’s email addresses, scrambled passwords, API keys, and SSL certificates. In addition, the company's API security standards raise concerns.

Analysis

Kevin Sundstrom

Security, Authentication, OAuth

08-29-2019

How to Do GitHub API Authentication Using OAuth 2.0
API University GitHub

OAuth Newbies can find it tricky initially. In this tutorial you’ll learn how to get started with OAuth 2.0 while avoiding all the fiddly parts around handling tokens. The folks over at Insomnia will show you how to authenticate an API client for the GitHub API with OAuth 2.0 and the Insomnia app.

How-To

Seamus Holland

OAuth, Authentication

09-24-2017

How Intuit Uses OpenID 2.0 to Implement Single Sign On

Single Sign On is a mechanism that creates the feeling of a single ecosystem across multiple services for a user by sharing key elements of an identity. SSO can provide users with a better experience and can result in cost savings. This article looks at how Intuit implements OpenID 2.0 as their SSO.

How Green Button Ingeniously Extended The OAuth Standard Without Forking It
API University

This is part 3 of our series on the U.S. government's Green Button API initiative. In this part, we will describe the building blocks of Green Button technology and how they respond to the project requirements with respect to authorization of access to data provided to third parties.

Analysis

Marty Burns

Open Data, Energy, OAuth

12-09-2016

How The Green Button API Initiative Takes Advantage of OAuth's Scope Parameter
API University

This is part 4 of our series What is The Green Button API initiative and How It Took OAuth To An Entirely New Level. In this part we explain the structure of Green Buttons’ scope parameters and illustrate the data exchanges and protocol used to implement Green Button’s scope negotiation.

Analysis

Marty Burns

Open Data, Energy, OAuth

12-09-2016

How Connect IQ Brings OAuth to Wearables

Most web services available to developers have been inaccessible to Connect IQ developers because they use OAUTH to provide access control, and this functionality did not exist in Connect IQ. Connect IQ 2 added new OAUTH APIs opening up Connect IQ apps to many of the APIs available on the web.

Want To Steal A Mobile App's Secrets? There's An App For That

ProgrammableWeb tests reveal how a free app from Google's App Store makes it possible to reverse engineer secure traffic between mobile apps and the services they call home to.

Analysis

David Berlind

Security, API Management, Mobile

08-03-2015

How To Code An OAuth Workflow Using ZenDesk As An Example
API University Zendesk Core

While Oauth workflows are very common, they aren't always clear when first encountering them. This tutorial shows an OAuth flow using the ZenDesk API and a third party app.

How-To

Wendell Santos

OAuth, Security

05-12-2015

Mulesoft’s Anypoint API Platform Gains Support For OpenAm

APIs managed by Mulesoft’s Anypoint Platform for APIs can now be automatically included under the umbrella of organizational access control and authentication governed by OpenAm.

Brief

ProgrammableWeb Staff

Integration, OAuth

04-24-2015

How Walgreens' API Partnership With Qardio Could Boost Customer Loyalty
API University Walgreens Balance Rewards

In its latest API partnership, Walgreen Co. hopes that rewarding customers with points for measuring their blood pressure will inspire more loyalty.

Analysis

David Berlind

Customer Service, API Strategy, Merchants

01-08-2015

Pinterest Users Getting Hacked For Second Time In Two Weeks
Pinterest Domain

As Pinterest endures its second attack in as many weeks, Twitter is subsequently auto-flooded with fake weight-loss posts that are designed to lure followers into a trap that could expose personal information and account credentials. For its part, Pinterest's lack of transparency regarding the matter stands in contrast to industry standard best practices for such breaches.

Brief

David Berlind

Security, OAuth

06-16-2014

Pinterest Hacked But Company Fails To Disclose Details To Users Or Public
Facebook Twitter
More Related
Pinterest Domain

An untold number of Pinterest users were breached on June 4, 2014 as a part of a sophisticated attack designed to skim confidential information from their Facebook friends and Twitter followers. So far, Pinterest has failed to fully remedy the situation or even acknowledge that the attack happened.

News

David Berlind

Security, OAuth

06-10-2014

Facebook Is Making Lots of Mobile Developer Friends

While developers have traditionally had a love-hate relationship with Facebook over the years, a new survey suggest that at least for the moment, developers want to be friends with Facebook more than ever.

News

Michael Vizard

News Services, Mobile, OAuth

12-20-2013

OAuth.io Adds More Features to Simplify Authentication

It seems at every API conference, there is a new feature being released by the team at OAuth.io. In October, at API Strategy and Practice in San Francisco, OAuth.io released a mobile SDK. Now after APIDays in Paris, OAuth.io has released a 'code request' feature to abstract usage tokens in the authentication process. Co-Founder Mehdi Medjaoui spoke with ProgrammableWeb about the service that provides a unified API for any OAuth implementation.

News

Mark Boyd

Security, Tools, OAuth

12-12-2013

Salesforce.com Unfurls Identity Service in the Cloud

One of the more problematic elements of building any application is managing end user identities. Writing the code to manage who gets to access any given application not only is time consuming; it doesn’t usually add much in the way of unique value to the application.

News

Michael Vizard

Security, News Services, Enterprise

10-17-2013

The Emergence of API Middleware: An Exclusive Interview with Webshell.io

API middleware is emerging as a key new industry segment in the API economy with at least two launch announcements expected today (including one at DataWeek) from services offering middleware tools to API developers. Meanwhile, in an exclusive for ProgrammableWeb, Webshell.io founders share details of their API integration platform interface, and discuss why trust is the principal currency in the API economy.

News

Mark Boyd

News Services, Application Development, Standards

10-02-2013

Heroku Adds OAuth 2.0 Support to Platform API
Heroku

A few months ago, ProgrammableWeb announced the release of Heroku’s Platform API, which allowed developers to integrate the Heroku platform with third party applications and services. Now, Heroku has launched a public beta for OAuth 2.0 support for the Platform API. OAuth 2.0 support allows developers to control service needs as opposed to offering full service access to all user accounts.

News

Eric Carter

Security, Application Development, Cloud

07-23-2013

Explaining How Your API Uses OAuth
API University

OAuth is becoming a very popular way to control authorized access to Web APIs and the data that they return. Although it's one of the most straightforward ways to accomplish this, it's still rather confusing to use. If your API uses OAuth, then you need to be able to describe it so that developers can quickly understand what they need to do.

News

Guest Author

Application Development, OAuth

03-26-2013

OAuth 2.0 Comparisons: The Good, The Bad, The Quirky

While testing out a new tool I'm working on that uses a variety of OAuth2 providers and thought I’d catalog some of the quirks I came across. This is just for the authorization flow, not for actually making requests once you’ve secured a token. Now that the OAuth2 spec is solidified we should start seeing less and less of these issues.

News

John Sheehan

OAuth

01-29-2013

Expert Panel Has More Questions Than Answers When it Comes to API Security

The Cloud Security Alliance Summit brought together a panel of security experts on February 27 in San Francisco to examine the threats posed by API and cloud-based computing. But rather than providing guidance on how to mitigate security risks they focused instead on the uncertain nature of security in an environment that is increasingly dominated by applications that use APIs to transfer data across the cloud.

News

Robert Egert

Security, Enterprise, Events

03-07-2012

Stereomood Gives You Access to Some Real Mood Music
Stereomood

Stereomood is a streaming music service that gives recommendations. To start, it uses a list of moods, each of which have an associated playlist. While playing songs, users can like or ban songs, much like Last.fm or Pandora. The Stereomood API allows full access to the site's functionality to developers, allowing developers to make fully usable clients on any platform.

News

Allen Tipper

API, Mobile, Music

08-30-2011

OAuth Toolkit May Help Secure APIs

When programming a web application, security is often a prime concern. If you've read my previous articles, you've often seen me comment on how secure an API is, as many of them are pretty secure, but many of them are not. When working on a cool application, often security is something you don't really want to spend that much time thinking about, which is why Layer 7 recently released an OAuth toolkit.

News

Allen Tipper

Security, OAuth, API

08-15-2011

Make Your Own Web-Based Workspace with Podio

Podio is a web service that aims to provide a customizable online workplace. There are a lot of apps, and you can set up and position your dashboard as you please. However, sometimes the app you want isn't in the set. In that case, they also offer the Podio API to code your own custom apps for use within your Podio workspace.

News

Allen Tipper

API, OAuth, Business

06-09-2011

OAuth API Articles

Summary

Articles

APIs

Mashups

SDKs

Libraries

Source Code

Followers

Developers

Why You Should Re-evaluate the Strength of Your API Security
API University

Google to Require OAuth 2.0 Application Support for G Suite Access

Imperva Breach is Another Reminder That API Keys Alone Cannot Secure APIs

How to Do GitHub API Authentication Using OAuth 2.0
API University GitHub

How Intuit Uses OpenID 2.0 to Implement Single Sign On

How Green Button Ingeniously Extended The OAuth Standard Without Forking It
API University

How The Green Button API Initiative Takes Advantage of OAuth's Scope Parameter
API University

How Connect IQ Brings OAuth to Wearables

Want To Steal A Mobile App's Secrets? There's An App For That

How To Code An OAuth Workflow Using ZenDesk As An Example
API University Zendesk Core

Mulesoft’s Anypoint API Platform Gains Support For OpenAm

How Walgreens' API Partnership With Qardio Could Boost Customer Loyalty
API University Walgreens Balance Rewards

Pinterest Users Getting Hacked For Second Time In Two Weeks
Pinterest Domain

Pinterest Hacked But Company Fails To Disclose Details To Users Or Public
Facebook Twitter
More Related
Pinterest Domain

Facebook Is Making Lots of Mobile Developer Friends

OAuth.io Adds More Features to Simplify Authentication

Salesforce.com Unfurls Identity Service in the Cloud

The Emergence of API Middleware: An Exclusive Interview with Webshell.io

Heroku Adds OAuth 2.0 Support to Platform API
Heroku

Explaining How Your API Uses OAuth
API University

OAuth 2.0 Comparisons: The Good, The Bad, The Quirky

Expert Panel Has More Questions Than Answers When it Comes to API Security

Stereomood Gives You Access to Some Real Mood Music
Stereomood

OAuth Toolkit May Help Secure APIs

Make Your Own Web-Based Workspace with Podio