Repost: Mobile API Security Techniques, Part 2: API Tokens, OAuth2, and Disappearing Secrets

Take a look at Hands On Mobile API Security: Get Rid of Client Secrets. It focuses on API key usage and adds a proxy server, which is a good practice when multiple APIs are called from the same app: the API keys stay on the proxy instead of being shipped inside the app binary, where they can be extracted. The full example is at github — https://github.com/approov/hands-on-api-proxy.
OAuth2 is not used in that example, but it could be added without interfering with the existing app authentication code. Look at Mobile API Security Techniques, Part 2 for some additional background.
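To make the proxy idea concrete, here is an added example (written for this page, not code from the hands-on-api-proxy project) of the two things such a proxy has to do: check that the caller is a legitimate instance of the app, and then forward the request to the upstream API with the real key attached server-side. The token format (`client_id.expiry.hmac`), the `/v1/` path allow-list, the upstream host and all key values are assumptions for the illustration; a real deployment would load the secrets from the environment or a secrets manager and would issue the app token from a separate attestation or auth service.

```python
"""Minimal API-key-hiding proxy logic (added example, not the project's own code).

The mobile app never holds the upstream API key. It presents a short-lived
HMAC-signed app token to the proxy; the proxy verifies it, strips it, and
injects the real key into the upstream request.
"""
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qsl, urlencode, urlunsplit

# Assumed configuration (constructed for this example). In production these
# come from the environment or a secrets manager, never from the app binary.
UPSTREAM_HOST = "api.example.com"
UPSTREAM_API_KEY = "upstream-key-constructed-for-example"
APP_TOKEN_SECRET = b"proxy-shared-secret-constructed-for-example"
ALLOWED_PATH_PREFIXES = ("/v1/",)   # only these upstream paths may be proxied
TOKEN_TTL = 300                      # seconds


def make_app_token(client_id: str, now: Optional[int] = None) -> str:
    """Issue a token the proxy accepts: '<client_id>.<expiry>.<hex hmac>'.
    Assumed format; in practice a separate auth/attestation service issues it."""
    exp = (now if now is not None else int(time.time())) + TOKEN_TTL
    msg = f"{client_id}.{exp}".encode()
    tag = hmac.new(APP_TOKEN_SECRET, msg, hashlib.sha256).hexdigest()
    return f"{client_id}.{exp}.{tag}"


def verify_app_token(token: str, now: Optional[int] = None) -> Optional[str]:
    """Return the client_id if the token is well-formed, unexpired and
    correctly signed, else None. Comparison is constant-time."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    client_id, exp_s, tag = parts
    if not exp_s.isdigit():
        return None
    if int(exp_s) <= (now if now is not None else int(time.time())):
        return None
    expected = hmac.new(APP_TOKEN_SECRET, f"{client_id}.{exp_s}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return client_id


def build_upstream_request(path: str, query: str, headers: dict,
                           now: Optional[int] = None) -> Optional[tuple]:
    """Turn an incoming app request into (upstream_url, upstream_headers).

    Returns None when the app token is missing or invalid, or when the path
    is outside the allow-list, so the proxy cannot be used as an open relay
    onto the upstream with our key attached.
    """
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    if verify_app_token(auth[len("Bearer "):], now) is None:
        return None
    # Reject traversal and anything outside the allowed API surface.
    if ".." in path.split("/") or not path.startswith(ALLOWED_PATH_PREFIXES):
        return None
    # Drop any api_key the client sent so it cannot override the proxy's key.
    params = [(k, v) for k, v in parse_qsl(query) if k != "api_key"]
    params.append(("api_key", UPSTREAM_API_KEY))
    url = urlunsplit(("https", UPSTREAM_HOST, path, urlencode(params), ""))
    # The app token is for the proxy only; never leak it to the upstream.
    out_headers = {k: v for k, v in headers.items() if k.lower() != "authorization"}
    return url, out_headers


if __name__ == "__main__":
    tok = make_app_token("android-app")
    print(build_upstream_request("/v1/weather", "city=Oslo",
                                 {"Authorization": f"Bearer {tok}",
                                  "Accept": "application/json"}))
```

The app-side code only ever sees `APP_TOKEN_SECRET`-signed tokens it did not mint itself and never sees `UPSTREAM_API_KEY`; rotating the upstream key is then a proxy-only change, which is the "disappearing secrets" property the article is after. OAuth2 user authentication can sit alongside this: the user's bearer token and the app token answer different questions (who the user is versus whether the caller is a genuine app instance) and the proxy can check both.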
