5 Things to Consider When Using RESTful APIs and OAuth 2.0

As the Internet of Things gains pace, users are increasingly required to sync data to cloud services. In an article for App Developer Magazine, Brian Alexakis discusses five tips to help users analyze how vendors implement OAuth 2.0 and how to interface with RESTful APIs to improve access to this end-user data.

Users should understand the definitions of the OAuth 2.0 Authorization Framework, as it seeks to separate the end user ( Resource owner) from the end-user data (protected resource) and use access tokens to supply that data to third-party applications (clients) through the vendor cloud service (authorization server) without having to store the user name and password.

The protocol flow supports the security of the resource by ensuring that the client is authorized by the resource owner to access that data. This is achieved through the granting of access tokens as part of the RESTful API call.

To streamline the process of obtaining and applying access tokens, it is advisable to locally store the access token on the protected internal storage of the client device using INI files for efficiency. Remember to always make a test call to the API to ensure that the stored token is still valid before using it.

The Embarcadero REST Debugger was built on the REST Library and is capable of generating REST components that can be copied and pasted into the RAD Studio XE8 IDE. Using this debugger makes the building process convenient and fast.

Despite obtaining approval from the end user, many vendors still limit how much data clients can access, such as only allowing a certain number of queries or only allowing queries to go back a certain number of days or weeks. To reduce this potential issue for clients that depend on robust access to end-user data, middleware solutions can create an aggregated data source that offers unrestricted access to protected resources within the client’s system by relying on their own RESTful API layer.

Be sure to read the next Data article: How to Turn Existing Web Pages Into RESTful APIs With Import.io

Original Article

Top 5 Tips for RESTful APIs and Closing the Loop on OAuth2.0