DZone
Integration Zone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
  • Refcardz
  • Trend Reports
  • Webinars
  • Zones
  • |
    • Agile
    • AI
    • Big Data
    • Cloud
    • Database
    • DevOps
    • Integration
    • IoT
    • Java
    • Microservices
    • Open Source
    • Performance
    • Security
    • Web Dev
DZone > Integration Zone > An Auditing API for Checking in on API Client Activity

An Auditing API for Checking in on API Client Activity

I'm thinking about how the idea of monitoring activity applies beyond mobile to IoT and the potential for external third-party auditing of API and endpoint consumption.

Kin Lane user avatar by
Kin Lane
·
Oct. 09, 16 · Integration Zone · Opinion
Like (1)
Save
Tweet
2.54K Views

Join the DZone community and get the full member experience.

Join For Free

Google just released a mobile audit solution for their Google Apps Unlimited users who are looking to monitor activity across iOS and Android devices. At first look, the concept didn't strike me as anything I should write about. However, once I got to thinking about how the concept applies beyond mobile to IoT and the potential for external third-party auditing of API and endpoint consumption, it stood out as a pattern I'd like to have in the filing cabinet for future reference.

Using the Google Admin SDK Reports API, you can access mobile audit information by users, device, or by auditing events. API responses include details about the device including model, serial numbers, user emails, and any other element that included as part of device inventory. This model seems like it could easily be adapted to IoT devices, bots, and voice clients.

One aspect that stood out for me as a pattern I'd like to see emulated elsewhere is the ability to verify that all of your deployed devices are running the latest security updates. After the recent IoT launched DDOS attack on Krebs on Security, I would suggest that the security camera industry needs to consider implementing an audit API, with the ability to check for camera device security updates.

Another area that caught my attention was their mention that "mobile administrators have been asking for a way to take proactive actions on devices without requiring manual intervention," meaning you could automate certain events by turning off or limiting access to specific API resources. When you open this up to IoT devices, I can envision many benefits depending on the type of device in play.

There are two dimensions of this story for me: 1) that you can have these audit events apply to potentially any client that is consuming API resources, and 2) the fact that you can access this data in real-time or on a scheduled basis via an API. With a little webhook action involved, I could really envision some interesting auditing scenarios that are internally executed, as well as an increasing number of them being executed by external third party auditors making sure mobile, devices, and other API-driven clients are operating as intended.

API

Published at DZone with permission of Kin Lane, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • How To Check for JSON Insecure Deserialization (JID) Attacks With Java
  • MACH Architecture Explained
  • Event-Driven Hello World Program
  • Blocking Ads on Your Network Using Raspberry Pi 3 + Fedora + Pi-hole

Comments

Integration Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • MVB Program
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends:

DZone.com is powered by 

AnswerHub logo