Tag Archives: OAuth

Endpoint speaker highlight: Kamyar Mohager

Endpoint is a conference organized by API developers, for API developers. The conference will be held in Amsterdam on September 5, 2014. If you develop APIs for apps, websites or other clients, there’s certainly a session that will interest you.

To give you a feeling of what to expect at the Endpoint conference, we’ve talked with Kamyar Mohager, who will be in Amsterdam representing LinkedIn. Kamyar will be delivering the opening keynote on September 5 at 9:00, so make sure you don’t miss it.

Tictail API launch focuses on UX

Tictail, a Swedish e-commerce platform that manages over 24,000 stores spread across 110 different countries, launched their API on September 16, 2013. Because Tictail’s main focus is simplicity of use, they decided to offer developers the same tools they use internally to build this new platform. According to Carl Waldekranz, Tictail CEO, they “want developers to have that same opportunity as [the company] continues to grow internationally.”

Their developer platform includes the API but also their open application store, which is where all the action is for companies that want to make money selling apps. The whole project took them 3 months to carry out and everything is being managed without any external tools.

How OAuth 2 trumps Basic authentication

Many criticisms of OAuth 2 have been raised in the past. While there may be continuing points of contention, one thing seems clear: the “Resource Owner Password Credentials Grant” pattern, as defined in the OAuth 2 spec (section 4.3), is fundamentally superior to HTTP Basic authentication.

This grant describes gaining access to server resources directly. This approach might be used when you are securing your own resources; for instance, when your mobile app is accessing your own API.

Authentication: Don’t be Clever

HTTP API authentication has evolved through many forms over the years. As so-called RESTful APIs gained popularity, a variety of methods sprang up: key passing, plain-old HTTP Basic Auth, OAuth 1.0, OAuth 1.0a, OAuth 2.0 (and its 40 revisions) and some less-common custom schemes. With the OAuth 2.0 specification finalized, things are finally starting to settle down and coalesce around a single auth mechanism. For publicly available APIs, OAuth 2.0 should be on your list of requirements.
