April 29, 2016
Single purpose API
The SigningHub API helps accomplish something that looks simple (see image below) but is tricky to do securely: digitally sign a document. The API, using REST-based web services with XML responses, makes it possible to incorporate digital signing into your application that is based on the Public Key Infrastructure.
Although it’s hard to do justice to the topic of API security in the space of a blog post, the topic is important because it affects every API architect creating a new web service. Advice that has come from experience may be of particular value—and that’s what follows here.
Too many people don’t know the difference between the OpenID Connect and OAuth 2.0 specifications. This results in devs publishing insecure apps because they’re using an ID token to secure the API where they should be using an access token. This article helps explain the difference.