An OAuth-protected API Platform

[Editor’s note: This is a part of a series of blog posts summarizing the proceedings from the recent Nordic Tour.]

twobo-dark-color-wwwGetting ready for the big tour was overwhelming at times, even with such a great team to help. (Thanks again to each of you!) Despite all the details, I managed to find a moment to collect my thoughts on the theme of API openness. They centered around the idea that an OAuth-protected API platform can safegaurd an organization’s data if based on the Neo-security Stack. Some of the main points from my talk included these:

  • Organizations must bridge old and new IT systems by transforming digital identities and content from the old ones to the ones that our APIs are exposing. In this way, the API provides a “pivot point” that allows orgranizations to reuse older systems in the implementation of their APIs.
  • In an increasingly social, mobile, and cloudy world, data and user interaction must be managed across the entire supply chain. This flow of information across organizational boundaries should not result in the end user being continuously prompted for usernames and passwords.
  • These types of business drivers are dictating that certain security measures be taken as APIs are implemented.
  • To do this, organizations should rely upon a set of technologies known as the Neo-security Stack, which delivers a framework of open standards.
  • At the base of this suite of protocols is OAuth 2 and OpenID.
  • These technologies allow API providers to construct systems where users can authenticate themselves and access specific data and business functions in line with their role and access rights.

I started off my talk by saying that:

A few weeks ago Mark Boyd wrote on the Nordic API’s blog about six benefits of private APIs. You can read the blog post if you follow this URL. I think he would agree that these particular benefits are available to you if you are implementing partner APIs or APIs that are available to the general public. What I want to also point out to you is that these benefits are only possible if certain security is implemented.

I went on to show how these benefits are setting certain security requirements and how these can be fulfilled using the Neo-security Stack. The full transcript is available, and my presentation in Copenhagen was recorded and is available on YouTube.

My slides are available in the Nordic APIs Slideshares.

If you have any feedback, let me know. I’d love to hear from you.

About Travis Spencer

Founder & CEO of Twobo Technologies and a co-founder of Nordic APIs. An American living in Sweden and specializing in API security.