Upload File

be it conference 2015 | skrill - how to protect your rest apis with oauth

  • Home
  • Technology
  • Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth
23
Page 1 How to protect your REST APIs with OAuth 15 May 2015

Upload: jobtiger

Post on 03-Aug-2015

69 views

Category:

Technology


0 download

Report

Tags:

TRANSCRIPT

Page 1: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 1

How to protect your REST APIs with OAuth

15 May 2015

Page 2: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 2

• Introduction• OAuth in a nutshell• Approaches• API Gateway• ApiFest• Taking things further• Q & A

Agenda

Page 3: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 3

Hi, I’m Ivan

Introduction

Page 4: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 4

OAuth?

http://en.wikipedia.org/wiki/OAuth

OAuth in a nutshell

http://en.wikipedia.org/wiki/OAuth
http://en.wikipedia.org/wiki/OAuth
Page 5: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 5

Simple OAuth Flow

Page 6: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 6

• Adding validation in every service

Approaches

Page 7: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 7

Token Validation

Page 8: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 8

• Filtering requests before service code is executed

Smarter Aproach

Page 9: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 9

Token Validation Flow

Page 10: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 10

• Entirely decoupling validation

The Different Approach

Page 11: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 11

• Decouple the validation from the rest of the application

API Gateway

Page 12: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 12

API Gateway Web Service Flow

Page 13: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 13

ApiFest

• Open source (Apache 2 Licenced):http://apifest.com/https://github.com/apifest

• Authored by Rossitsa Borissova

http://apifest.com/
http://apifest.com/
http://apifest.com/
https://github.com/apifest
https://github.com/apifest
Page 14: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 14

ApiFest

• Built-in support for OAuth2• Uses Netty• Built-in clustering support via Hazelcast• Can remap requests• Mapping configuration via xml• Allows plugging in your own code• Online reloading

Page 15: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 15

• Adding information to the token

Taking things further

Page 16: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 16

Web Service Flow

Page 17: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 17

• Adding information to the token• Reformatting the communication

Taking things further

Page 18: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 18

Web Service Flow

Page 19: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 19

• Adding information to the token• Reformatting the communication• Unifying multiple services

Taking things further

Page 20: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 20

Web Service Flow

Page 21: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 21

Q & A

Page 22: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 22

Thank you

Page 23: Be IT Conference 2015 | Skrill - How to protect your REST APIs with OAuth

Page 23

Skrill Ltd | Level 27 | 25 Canada Square | London E14 5LQ | UK

www.skrill.com

Skrill Ltd | Level 27 | 25 Canada Square | London E14 5LQ | UK

www.skrill.com


Securing APIs using OAuth 2.0

H. Tschofenig OAuth 2.0 Security: OAuth Open Redirector · OAuth 2.0 Security: OAuth Open Redirector draft-bradley-oauth-open-redirector-02.txt Abstract This document gives additional

Common Reference for docomo Developer support APIs Version 2.0 · 2019-06-14 · Grant of OAuth 2.0 Authorization Framework. See RFC 6749 and RFC6750 of OAuth 2.0 for details. 2

Google App Engine Google APIs OAuth Facebook Graph API Google Developer Group Presentation & Workshop @ Albertian Institute of Science & Technology – 19

Securing your APIs with OAuth, OpenID, and OpenID Connect

Skrill Prestashop Module Configuration Guide · Skrill Limited, 25 Canada Square, Canary Wharf, London, E14 5LQ, UK Skrill Prestashop Module Configuration Guide Integration with Skrill

REST API Guide – OpenManage Essentials · 2018-01-25 · Two-legged OAuth-based authentication The 2-legged OAuth mechanism is popular in many public REST APIs in the industry

Building APIs with MVC 6 and OAuth

The Essential OAuth Primer: Understanding OAuth for Securing Cloud APIs

Skrill PHP Library Guide

Mastering OAuth 2 - Adobe Inc.€¦ · leveraging the OAuth 2.0 Authorization Framework Mastering OAuth 2.0 Charles Bihis Mastering OAuth 2.0 OAuth 2.0 is a powerful authorization

Securing RESTful Payment APIs Using OAuth 2

Protecting APIs from Mobile Threats- Beyond Oauth

An OAuth protected platform (Nordic APIS April 2014)

Securing your APIs with OAuth 2.0 in InterSystems API

Skrill Magento 1 Module Configuration Guide...Skrill Limited, 25 Canada Square, Canary Wharf, London, E14 5LQ, UK Skrill Magento 1 Module Configuration Guide Integration with Skrill

OAuth 2.0: Securing APIs, Mobile, and Beyond - Micro … White Paper OAuth 2.0: Securing APIs, Mobile, and Beyond OAuth 2.0 in Action Here is a behind the scenes look at how the printing

Securing APIs with OAuth 2.0

OAuth 2.0: Securing APIs, Mobile, and Beyond - NetIQ · PDF fileOAuth 2.0: Securing APIs, Mobile, and Beyond White Paper Access Manager by Harippriya Sivapatham, Micro Focus® Engineering

OAuth Security - zisc.ethz.ch · OAuth Challenges @ Google Several hundred scopes, APIs Different types of data Users with varied understanding of security Enterprises on Google Users

Bienvenido a Skrill. · Bienvenido a Skrill. 1. Acerca de Skrill 1.1. Skrill Limited, una empresa constituida en Inglaterra y Gales con el número de registro 4260907. Estamos autorizados

Google App Engine Google APIs OAuth Facebook Graph API

Kako Zaraditi Novac Online - Skrill

Secure your APIs & Microservices with OAuth & OpenID Connect€¦ · üAll API Conferences üAPI Community üActive blogosphere Organizers and founders Austin API Summit June 11 –

Advanced API Security Healthcare Information Privacy ... › sgw › documents › 1451044 › ... · Securing APIs with OAuth, OpenID, and JSON Practical API Security is a complete

Skrill Wallet Checkout Integration Guide · The Skrill Wallet Checkout is a secure Skrill site, where you redirect customers from your website to make a Wallet payment through Skrill

Skrill Method

The Essential OAuth Primer: Understanding OAuth …docs.media.bitpipe.com/.../item_426600/The-Essentials-of-OAuth.pdfThe Essential OAuth Primer: Understanding OAuth for Securing Cloud

Um guia para a segurança de OAuth e de API - ca.com · Como o OAuth 2.0 difere das versões anteriores? 6 ... de entrega, e o OAuth é a melhor prática para a autorização de Apis

Skrill Payments Interface Manual

Payment via Skrill

Responsible Authentication for APIs Web Service …...The world’s libraries. Connected. • Describe OCLC’s WSKey system and Oauth 2.0 implementation • Walk through sample code

Skrill Gateway Guide - Wallet

Skrill Automated Payments Interface (API) Guide

GETTING STARTED WITH KITEWORKS … OAuth 2.0 Flow The kiteworks APIs allows any new client application (client for short) to be developed for the kiteworks solution. The APIs can be