
Watching Out for Your API Keys and Tokens on Open Internet


Auth0's password breach detection service could be the start of a new default method of handling API security. See why it matters and how it could impact the industry.


I was just learning about Auth0's new password breach detection service, adding to the numerous reasons why you'd use their authentication service instead of going at it on your own. It's an important concept I wanted to write about so that it was added to my research and present in my thinking around API authentication and security going forward.

Keeping an eye out for important identity and authentication-related information used as part of my API consumption is a lot of work — it is something that I'd love to see more platforms assist me with. I've written about AWS communicating with me around my API keys, and I could see an API key and token management solution being built on top of their AWS Key Management Service. I've also received emails from GitHub about my OAuth token showing up in a public repo (happened once).

Many application developers do not have the discipline to always manage API keys and tokens in a safe and secure way (guilty). It seems like something that could become default for API providers — if you issue keys and tokens, then maybe you should be helping consumers keep an eye out for them on the open Internet. That smells like an opportunity for some API-focused security startup.

Have you seen any other API providers provide key and token monitoring services? Is there anything that you do as an API consumer to keep an eye out for your own keys and tokens? Search for them on GitHub via the API? Manually search on Google? I am curious to learn more about what people are doing to manage their API keys and tokens.


Published at DZone with permission of Kin Lane, DZone MVB. See the original article here.
