This TextKey PHP library allows a developer to make REST API calls server-side from a PHP backend. TextKey is an omni-factor authentication API that uses seven factors of authentication to provide security for devices ranging from mobile phones to electronic door locks. TextKey works by using an SMS service, a unique code, a cellular number, a UDID, a single-use URL, and an optional PIN. TextKey uses REST with a JSON response and SOAP. TextKey is free for ten users, and available for a monthly charge per user thereafter.
Earlier this month, hacker Alexey V. Borodin discovered a method that allows some iOS app users to make "In-App Purchases" for FREE. Because Apple does not link purchases directly to individual customers or devices, a single receipt can be used for multiple transactions. Borodin's method takes advantage of this fact by fooling iOS apps into accepting fake purchase receipts and bypassing Apple’s authentication servers.
This is the first part of ProgrammableWeb’s series on Understanding the Realities of API Security, based on testimony by ProgrammableWeb’s editor-in-chief David Berlind to the ONC’s API Security and Privacy Task Force. This part looks at how the external availability of APIs can impact their security.