Heroku Adds OAuth 2.0 Support to Platform API

A few months ago, ProgrammableWeb announced the release of Heroku’s Platform API, which allowed developers to integrate the Heroku Platform with third-party applications and services. Now, Heroku has launched a public beta of OAuth 2.0 support for the Platform API. With OAuth 2.0, developers can grant a service only the access it needs, rather than giving it full access to user accounts. Heroku suggests that Platform API users implement OAuth first. Developers register a client on the account page of the Dashboard and can then use the tool of their choice to incorporate OAuth into an app. Once OAuth is incorporated, developers can streamline their workflow and better manage and control access to Heroku account data.

Currently, Heroku has implemented four scopes of access: global, identity, read and write, and read-protected/write-protected. Global grants full access to an account and complete control of apps and resources. Identity allows read-only access to account info. Read and write grants access to accounts without exposing runtime secrets (e.g. database connection strings). Read-protected/write-protected acts like read and write, but also includes access to config vars.

Heroku continues its journey as a platform built for developer success. Its mission focuses on enabling the simple, straightforward process of developing and running cloud-based apps. The Platform API was one more step towards that goal, and OAuth 2.0 support furthers the mission. Users can control access through the Dashboard.
