APIs to Securely Incorporate Social Identity Travis Spencer February 18, 2013 On March 21st, I’ll have the pleasure of joining the great roundup of speakers at the inaugural Nordic APIs event in Stockholm. I’ll be presenting on how Twobo Technologies is using the Janrain API together with other cloud services like Google Analytics and security products like SiteMinder to securely integrate social into Web sites. I’ll demo a fictitious movie-related site where people can watch trailers, find nearby theaters, see what’s new and hot, etc. To personalize to user’s experience and to help them more easily find the information they are seeking, the site uses the Janrain API for social login to obtain basic info about the user. This social media aggregation API allows users to login from various social networks and provides the site operator with a single API, shielding it from all the fragmentation and disparity of the numerous social networks. Using this one API, the site also allows users to share movie reviews, chat with friends about blockbusters, and publish their site activities back to multiple social networks in one API call. In the demo, I’ll also show how Janrain’s API can be coupled with SiteMinder, a Web Access Management (WAM) system from CA Technologies. Every request to the movie site will be sent through SiteMinder no matter how a user may authenticate. By proxying requests like this, centralized policies defined in SiteMinder will ensure that anonymous and socially authenticated users are not allowed to access secure parts of the site. With this setup, a user must step up their authentication level using a more trusted identity before the site allows them to use a credit card previously associated with their movie site account. In this way, social is used to increase conversion rates, reduce registration friction, and provide a better user experience w/out exposing the site operator to untold risks. There’s lots more to it, so be sure to catch this talk next month. Before then, check out my other blog post on this and the abstract of the session. As I prepare, ping me on Twitter or comment below with your thoughts, questions, and opinions, and I’ll be sure to incorporate them into my talk. Also, register today before we run out of room. Attendance is free and we’re already at 65% capacity, so we’ll almost certainly use up all the space in Jayway’s office where we’ll meet. See ya next month in Stockholm! [Disclosure: Twobo, my company, has a commercial relationship w/ CA Technologies.] The latest API insights straight to your inbox