API Key Authentication Best Practices

Описание к видео API Key Authentication Best Practices

Get Started with Zuplo Free - https://portal.zuplo.com/signup

Many public APIs choose to use API keys as their authentication mechanism, and with good reason. In this video, we’ll discuss how to approach API key security for your API, including:

why you should consider API key security
design options and tradeoffs
best practices of API key authentication
technical details of a sound implementation

This video is based on this blog post: https://zuplo.com/blog/2022/12/01/api...

If you like this, be sure to checkout a similar video on rate limiting    • The subtle art of API Rate Limiting  


▬▬▬▬▬▬ T I M E S T A M P S ▬▬▬▬▬▬
00:00 - Where our best practices came from
00:40 - Why do the world's best API-first companies use API Keys?
06:30 - GitHub Secret Scanning program
07:05 - Retrievable or Irretrievable?
10:36 - Rolling transition period
11:53 - Show the created date
12:37 - Checksum Validation
14:44 - Support Secret Scanning
16:44 - Minimize Latency
18:49 - Hide Keys Until Needed
20:00 - Copy Pasta
20:50 - Label your Keys
22:36 - Canonical Implementation Flow


See also: https://zuplo.com/blog/2022/05/03/you...

GitHub's secret scanning partner program: https://docs.github.com/en/developers...

Комментарии

Информация по комментариям в разработке

Похожие видео