Session-based Authentication – cumbersome with RESTful APIs
Lots of APIs support session-based authentication. In these schemes, the user first has to call a “login” method which takes the username and password as input and returns a unique session key. The user must include the session key in each request, and call “logout” when they are done. This way, authentication is kept to a single pair of API calls and everything else is...
(This is part 3 in our series on "Is your API naked? 10 API Roadmap considerations")
We’ve seen very few API providers with a completely open API – almost all employ at least one of these:
- Identity – who is making an API request?
- Authentication – are they really who they say they are?
- Authorization – are they allowed to do what they are trying to do?
Today, Sonoa is joining the Cloud Security Alliance. Why are we doing this?
The first reason is that we’ve talked to hundreds of companies who are building APIs and web services both internally and externally. For the most part, they are using cloud services from other companies, planning to expose their own web services to others on the Internet, running their own infrastructure in the cloud, or all of the above. Cloud computing is a big part of what we do, and we want to make it succeed. The Cloud Security...