Shona Hossell

API authentication is about proving that whoever is trying to access an API is who they say they are. This is sometimes confused with authorization which is about proving that whoever is trying to access data via the API has the right to access that data. In this article we’ll discuss the main API authentication methods (HTTP basic authentication, API Keys and OAuth2) and whether they provide sufficient protection for your APIs. Read Full Story

Attacks against APIs are increasing and API key protection is central to minimizing your business risks. In this article we’ll look at what your exposures are and what you should do about it. Read Full Story

Mobile app developers keep hearing that they shouldn’t store API keys in their app code but they don’t hear where they should store them. In this article we discuss the topic and provide some practical solutions. Read Full Story

As many social media platforms continue to experience incredible growth in popularity, the supporting apps, and the APIs that service them, remain top targets for bad actors. The ability to communicate quickly and indirectly with the platforms’ vast user bases make them ideal for spreading malware, phishing attacks, or fake news. Networks of automated accounts, gaining artificial levels of popularity and influence are often used to instigate attacks and the recent admission by Facebook that Kremlin linked propaganda may have been seen by as many as 126 million users gives us some idea of the scale of the threat and the ambition of the attackers. Read Full Story