This might be a stupid question, but I don't understand what is stopping anyone from using something like Postman and deleting everything in my database. How do I stop this?
Not a stupid question at all. When someone sends a request to your API, you can check the header to see if it contains the necessary data that would allow them to do whatever they are trying to do. If it doesn't, then you ignore the request; if it does, then you do it.
Hi, if a developer stores their API key on the client, is there anything to stop a hacker from using up all of your API quota allowance, say by using different IP addresses / getting data / running up a bill on your behalf? Is there any way to hide API keys client side without using something like OAuth? I never see APIs tell developers not to store the key client side, so I was just wondering. If OAuth is used, does that mean the API key doesn't have to be stored client side? I was thinking in terms of, say, a Chrome extension/app rather than something on a server. Thanks
Thank you for the demo; the whole presentation is awesome and very informative. I think in the OAuth demo Tweeter will not issue a token directly to Buffer. First, Tweeter will issue an auth code after the user's basic auth; that code will be given to Buffer, Buffer will present it to Tweeter, and Tweeter will issue a token in exchange for the auth code, which was agreed/authorized by the user. Then Buffer will perform the task via the API call. Please correct me if I am wrong.
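The two ideas above, the reply that the API checks the request header before acting and the comment describing the authorization-code exchange between Buffer and Tweeter, can be seen together in one toy model. This is an added example, not code from the video or from Buffer or Twitter; the party names, the "post:write" scope and the in-memory stores are assumptions made for the example.

```python
import secrets

# Toy in-memory model of the authorization-code flow from the Buffer/Tweeter demo.
# Names, scope string and stores are constructed for this example.
class Tweeter:
    def __init__(self):
        self.clients = {"buffer": secrets.token_hex(8)}   # client_id -> client_secret
        self.pending_codes = {}   # auth_code -> (client_id, user, scope)
        self.tokens = {}          # access_token -> (user, scope)
        self.posts = []
    def authorize(self, client_id, user, scope):
        """Step 1: user consents; Tweeter hands the client a short-lived code, not a token."""
        assert client_id in self.clients
        code = secrets.token_urlsafe(16)
        self.pending_codes[code] = (client_id, user, scope)
        return code
    def exchange_code(self, client_id, client_secret, code):
        """Step 2: the client presents the code plus its own secret to get a token."""
        if self.clients.get(client_id) != client_secret:
            return None
        entry = self.pending_codes.pop(code, None)   # a code is single use
        if entry is None or entry[0] != client_id:
            return None
        token = secrets.token_urlsafe(24)
        self.tokens[token] = (entry[1], entry[2])
        return token
    def api_post(self, headers, body):
        """Step 3: the API checks the Authorization header before doing anything."""
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return 401, "missing bearer token"
        grant = self.tokens.get(auth[len("Bearer "):])
        if grant is None:
            return 401, "unknown token"
        user, scope = grant
        if "post:write" not in scope:   # authorization, not just authentication
            return 403, "token not authorized for this action"
        self.posts.append((user, body))
        return 201, "posted"

def run_flow():
    t = Tweeter()
    # A raw request with no credentials (e.g. from Postman) is rejected at step 3.
    anonymous = t.api_post({}, "delete everything")
    code = t.authorize("buffer", "alice", {"post:write"})
    token = t.exchange_code("buffer", t.clients["buffer"], code)
    legit = t.api_post({"Authorization": f"Bearer {token}"}, "hello from Buffer")
    replay = t.exchange_code("buffer", t.clients["buffer"], code)  # reuse fails
    return anonymous, legit, replay, t.posts
```

Note that the token a user grants to Buffer only lets Buffer do what the scope allows, which is the authorization point raised further down in the comments.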
Buffer is a platform that enables social media content managers, or people who want to automate their social media posts, to publish on different platforms. If you have ever had to post and share on multiple channels on a regular basis, you know that it takes hours. Buffer allows you to save time.
starts at 4:11
The Buffer example helped me understand the actual security controls implemented within APIs using OAuth. This is great! Thank you.
Super good video, clear voice, easy to listen to, easy to understand, please make more. Awesome job!
Great explanations. I don't normally stick around. Nice job
How beautifully described! I want to learn more from you 😄
This is the excellent part...many thumbs up
Very nicely explained
I think you have to encrypt it
OK, good video, but isn't it enough for me to get the OAuth token to post on your behalf?
tweeeeeeeterrrrrr
Thanks heaps
1:50 You're welcome
I have a question: "Who is Buffer?"
OAuth is NOT "Open AUTHENTICATION", it is "Open AUTHORIZATION". Subtle, but important.
API and security well well ..
Trust me too many fishes to catch.