Posts Tagged: identity control

Security Points to Consider Before Implementing GraphQL

GraphQL is a very powerful query language that does a great many things right. When implemented properly, GraphQL offers an extremely elegant methodology for data retrieval, more backend stability, and increased query efficiency.

The key here though is that simple phrase — when implemented properly. Read more

How to Handle Batch Processing with OAuth 2.0

Recently on the Nordic APIs channel we’ve had a few people ask — how do you handle batch processes that are secured with OAuth 2.0? Batch requests are ones executed automatically or programmed to repeat recurringly.

Usually we use OAuth to confirm user identity for API calls, but the problem is that OAuth 2.0 isn’t really designed for batch processing. Read more

World War API: Cyberattacks on the International Scale

The world is changing. What was once fought on battlefields with physical weapons is quickly transitioning online, with groups of individuals and even entire nations utilizing the internet to disrupt their enemies.

Just as with any conflict, there will be civilian casualties — whether it be civilian infrastructure or users weaponized as Distributed Denial of Service drones, the consequences of the coming virtual conflicts will be bad. Read more

API Keys ≠ Security: Why API Keys Are Not Enough

We’re all accustomed to using usernames and passwords for hundreds of online accounts — but if not managed correctly, using passwords can become a major distraction, and a potential security vulnerability. The same is true in the API space. There’s nothing inherently wrong with usernames — you need those. Read more