Variety of Keys...

 The power of keys in the real world makes its own purpose. There are different types of keys to operate a lock.

Why do we have different types of keys? Because it serves to open a lock made for a specific reason. The most commonly used locks are deadlocks for residential doors and external security, knob locks for internal doors in residences, padlocks for lockers, gates, and sheds, keycard systems for hotels and offices, smart/digital door locks for modern homes and offices, tubular locks for vending machines and ATMs, time locks for bank vaults and safety.

When we come into the application, APIs provide connectivity between applications to exchange data and services. To make it secure, we use authentication and authorization. 

  • Authentication allows the user to access the application.
  • Authorization's main focus is to have the right people to have the right access to the right resources. 

We have various authentication types to secure accessing the API in the software ensuring that it is not misused. These are to safeguard the API from external threats and to avoid entry-point attackers. We may call it a key, token, or whatever it is, it will perform its duties and fulfill the sense of safety. When the user makes an API call, the request sends the key/token to the server to verify whether the client claims to have access or not. Based on the verification, the server confirms by sending the protocol back to the client to enter the application if it is not faulty.

A company always has the first aim to protect its data from external resources. Properly secured when it selects the authentication type based on its needs.

A few types of Authentications are:

  • HTTP Basic
  • API Key
  • JWT Token
  • OAuth and many more...

Benefits:

  1. Helps to secure data, networks, and applications.
  2. Helps the company to provide privileges to the user to limit what they can access to the application.
  3. Avoids external attacks by proper encryption algorithms.
  4. Improves user experience
  5. One authentication may serve multiple purposes for the user.
  6. Trust increases in case of business and client growth

Comments

Post a Comment

Popular posts from this blog

How to Install Jenkins

Image
Jenkins is an open-source Java application server for Continuous Integration and Continuous Delivery (CI/CD). This will run in servlet containers such as Apache Tomcat. It helps the developers to build, test, and deploy the software by automating using CI/CD pipelines. It detects bugs and notifies the developers in an early stage. How to Download and Install: Step 1: Go to https://www.jenkins.io/ . Click Download Step 2: Download Jenkins ‘Generic Java package’. I prefer to download the LTS package (It is a stable one). Step 3: Select your desired path after downloading and save the Jenkins.war file in your local system. Step 4: Go to command prompt (Windows) | Terminal (IOS)                Go to the folder where the war file is saved. Then, type the command java -jar Jenkins.war and run it. It will take a while to run the command. It gives an admin password. Note it down to use Jenkins the first time. The password will be saved in the Jenkin path. Step 5: Go to the browse
Read more

HTTP Payloads

Image
 What happens when I send a letter without information to the receiver that I require some details from them? What happens when the receiver writes a response to my letter without having the information I need? This information is similar to the body generally called a payload in HTTP request and response.  Let us see the payload in the HTTP request and HTTP response individually. I have added the below image to explain the HTTP request and response body/payload in JSON. I have used BurpSuite to take this image and Swagger Petstore (petstore.swagger.io) for this example. HTTP Request Payload Generally, the payload is not required for all the requests and responses. GET and HEAD methods usually do not require a body while sending a request to the server. The above example is a POST request to create a resource name 'doggie'. To achieve this, I should send some information about the resource which is called HTTP request payload. Breakdown of request payload: Content-Type:  Specif
Read more

Variables in Postman

What is a variable? This is the basic question to learn when you start programming. I am not going to dive deep into the programming concepts. Let me explain the variables used in Postman. What is a Variable in Postman? A data unit, that stores a value and it is dynamic based on the data type we use.  Should be written as Key: Value pair (Example: name= "Test"; num=1;) Provides the facility to access the value without manual effort every time. There are 5 different scopes of variables used in Postman. Global Variables Environment Variables Collection Variables Data Variables Local Variables These variable scopes are specially designed to refer to values in the Postman tool. Global Variable:          When the variable is assigned globally, it has all the privileges of accessing anywhere in the workspace such as the Environment, Collection. Environment Variable:          It is limited within the specific environment where you can access data between collections. Collection Vari
Read more