Securing Your API

Jason Austin (25.May.2011 at 15:00)
Talk at php|tek 11 (English - US)

Rating: 4 of 5



Rating: 4 of 5

25.May.2011 at 15:45 by Jeremy Brown (37 comments)

Decent enough presentation, but was really expecting a majority of the talk to be about schemes and approaches to securing your API. The information about securing that was presented wasn't anything that couldn't have been gotten from a quick overview from a variety of sources.

Your recommendation to not pass the API key across the wire but instead to pass a generated value from it instead still doesn't solve the original problem of someone being able to steal your credentials. Whether they have your API Key or a value generated from it, if someone has it and can send it and act as you, nothing was accomplished. If your intent was that there was a rotating private key in use, then that should be communicated.

Rating: 4 of 5

25.May.2011 at 15:47 by Patrick Schwisow (136 comments)

Not sure how I would use it, but interesting and well presented

Rating: 5 of 5

25.May.2011 at 15:55 by John Kary (80 comments)

Lots of info to get through in 45 minutes, so kudos for that. You gave a lot of good info on tips and caveats about each security implementation. Given the time slot and the different technologies to cover, I think this is a great talk.

If you had more time, it would be cool to see PHP code wrappers for some of those security implementations, just to show how difficult or simple they could be.

Rating: 5 of 5

25.May.2011 at 16:21 by Dan Hudlow (4 comments)

Enjoyable overview of API authentication and security.

Rating: 4 of 5

25.May.2011 at 16:27 by Mike Alderson (16 comments)

Really enjoyed the talk. I'm excited to start working on some of the ideas that you gave me.

Rating: 5 of 5

25.May.2011 at 17:09 by Rob Allen (109 comments)

Excellent overview of security considerations in relation to API design and development.

Rating: 4 of 5

26.May.2011 at 15:32 by Anna Filina (30 comments)

I really enjoyed the comparison between the different protocols. The best-practices part was particularly interesting. I would have liked short code examples for protocol implementation.

Rating: 4 of 5

28.May.2011 at 12:19 by Justin Carmony (41 comments)

I agree with everyone else. It was a lot of info to cover, and covered well for 45 minutes. Some code examples would have been great, but not sure if you could fit them in with the time given. Maybe next year you could do a tutorial.
