Over a million developers have joined DZone.

An Auditing API for Checking in on API Client Activity

I'm thinking about how the idea of monitoring activity applies beyond mobile to IoT and the potential for external third-party auditing of API and endpoint consumption.

· Integration Zone

Learn how API management supports better integration in Achieving Enterprise Agility with Microservices and API Management, brought to you in partnership with 3scale

Google just released a mobile audit solution for their Google Apps Unlimited users who are looking to monitor activity across iOS and Android devices. At first look, the concept didn't strike me as anything I should write about. However, once I got to thinking about how the concept applies beyond mobile to IoT and the potential for external third-party auditing of API and endpoint consumption, it stood out as a pattern I'd like to have in the filing cabinet for future reference.

Using the Google Admin SDK Reports API, you can access mobile audit information by users, device, or by auditing events. API responses include details about the device including model, serial numbers, user emails, and any other element that included as part of device inventory. This model seems like it could easily be adapted to IoT devices, bots, and voice clients.

One aspect that stood out for me as a pattern I'd like to see emulated elsewhere is the ability to verify that all of your deployed devices are running the latest security updates. After the recent IoT launched DDOS attack on Krebs on Security, I would suggest that the security camera industry needs to consider implementing an audit API, with the ability to check for camera device security updates.

Another area that caught my attention was their mention that "mobile administrators have been asking for a way to take proactive actions on devices without requiring manual intervention," meaning you could automate certain events by turning off or limiting access to specific API resources. When you open this up to IoT devices, I can envision many benefits depending on the type of device in play.

There are two dimensions of this story for me: 1) that you can have these audit events apply to potentially any client that is consuming API resources, and 2) the fact that you can access this data in real-time or on a scheduled basis via an API. With a little webhook action involved, I could really envision some interesting auditing scenarios that are internally executed, as well as an increasing number of them being executed by external third party auditors making sure mobile, devices, and other API-driven clients are operating as intended.

Unleash the power of your APIs with future-proof API management - Create your account and start your free trial today, brought to you in partnership with 3scale.

Topics:
integration ,clients ,apis ,monitoring

Published at DZone with permission of Kin Lane, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

SEE AN EXAMPLE
Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.
Subscribe

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}