Author Archives: Jason Harmon

About Jason Harmon

API Architect @Paypal. Blogger/evangelist for #API. Purveyor of #BDD process. #Android tinkerer. #Quadcopter crasher.

Find more about me on:

How OAuth 2 trumps Basic authentication

6 Replies

So many negatives have been brought forth in the past on OAuth 2. Where there might be continuing points of contention, there is one area which seems to be clear: the “Resource Owner Password Credentials Grant” (OAuth 2 Spec, section 4.3) pattern as defined in the OAuth 2 spec is fundamentally superior to HTTP Basic authentication.

This formula describes gaining access to server resources directly. This approach might be utilized when you are securing your own resources; for instance, your mobile app that is accessing your own API.
Continue reading “How OAuth 2 trumps Basic authentication” »

How to localize your API

9 Replies

Full disclosure: I was born and live in the USA, American English is my native language, and I spend USD every day. However, I work with customers in 18 countries and regions on five continents, and the list is getting bigger all the time.Internationalization localization and currency

Operating a business in the global market is not as trivial as it might seem, if you’ve never seen it through. Everyone not only speaks different languages and has different currencies (not to mention driving on the different sides of the road), but they also have different cultural norms. In many situations, we can merely provide raw values for dates and currency and avoid formatting. However, when content includes localizable information, especially dates and currencies, display formatting needs to be sensitive to the localized culture.

If you’re considering making the jump off of your own soil to the rest of the globe, hopefully this will give you some insights.

Continue reading “How to localize your API” »

How safe is your API from its users?

3 Replies

Availability and safety are some of the most important implicit factors to the user experience of your platform’s users. When we discuss web security to ensure these factors, images of criminal rings using sophisticated techniques come to mind. Even if your data seems too low of worth for this scenario, perhaps the over-caffeinated, zit-faced script kiddie wreaking havoc on your operations is a fear.

However, the all-too-common reality in the API world is that your worst enemies are often your worst customers. Irresponsible or unknowledgeable developers writing super chatty apps. Opportunistic partners who look to take advantage of data that gives them value, in the form of high volume traffic, and no value for you in return. Scarier yet are users whose security tokens are compromised, leaving everything from users’ personal information to financial transactions at risk (now we might be talking about criminals again!).

Criminals

Continue reading “How safe is your API from its users?” »

The 5 laws of API dates and times

24 Replies

Let’s say you’re building your first API. Be it public, private, or some hybrid thereof, don’t be surprised if your first defect is date/time-related. Do not underestimate how much trouble you can get into when it comes to handling date and times. Here are some tips which might keep you out of this potential future.

Continue reading “The 5 laws of API dates and times” »