Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Watching Out for Your API Keys and Tokens on Open Internet

DZone's Guide to

Watching Out for Your API Keys and Tokens on Open Internet

Auth0's password breach detection service could be the start of a new default method of handling API security. See why it matters and how it could impact the industry.

· Integration Zone ·
Free Resource

SnapLogic is the leading self-service enterprise-grade integration platform. Download the 2018 GartnerMagic Quadrant for Enterprise iPaaS or play around on the platform, risk free, for 30 days.

I was just learning about Auth0's new password breach detection service, adding to the numerous reasons why you'd use their authentication service instead of going at it on your own. It's an important concept I wanted to write about so that it was added to my research and present in my thinking around API authentication and security going forward.

Keeping an eye out for important identity and authentication related information used as part of my API consumption is a lot of work — it is something that I'd love to see more platforms assist me with. I've written about AWS communicating with me around my API keys, and I could see an API key and token management solution be built on top of their AWS Key Management Service. I've also received emails from Github about my OAuth token that show up in a public repo (happened once).

Many application developers do not have the discipline to always manage API keys and tokens in a safe and secure way (guilty). It seems like something that could become default for API providers — if you issue keys and tokens, then maybe you should be helping consumers keep an eye out for them on the open Internet. Which smells like an opportunity for some API-focused security startup. 

Have you seen any other API providers provide key and token monitoring services? Is there anything that you do as an API consumer to keep an eye out for your own keys and tokens? Search for them on Github via the API? Manually search on Google? I am curious to learn more about what people are doing to manage their API keys and tokens.

With SnapLogic’s integration platform you can save millions of dollars, increase integrator productivity by 5X, and reduce integration time to value by 90%. Sign up for our risk-free 30-day trial!

Topics:
services ,monitoring ,token ,password ,api key ,solution ,aws ,authentication

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}