OAuth is the New Hotness: 76 OAuth-enabled APIs

Adam DuVander, May 3rd, 2010

The promise of sharing our data from one site with another raises plenty of privacy concerns. While not all of these worries can be solved by technology, one definitely can. You should not have to share your password in order for services to access your content on other sites. That’s where OAuth comes in. It’s “an open protocol to allow secure API authorization in a simple and standard method from desktop and web applications.”

It’s hardly a new technology. We wrote about the spec for the first version in 2007, noting the potential for more personal mashups. It has been adopted by many services including the Twitter API and multiple APIs from both Google and Yahoo. In our API directory one of the things we track is OAuth support. And as of this week, we list 76 OAuth APIs.

More recently OAuth has moved from a nice-to-have to a must-have. EWeek calls it the “New Hotness” and explains how it works (using Eran Hammer-Lahav’s valet key analogy):

OAuth’s supporters often compare the protocol to the valet key of a luxury car; such a key allows a parking attendant to use the car in a limited fashion, barring access to trunks or onboard phones, and restricting the operating radius of the car to a mile or two. In a similar fashion, OAuth enables end users to present identity credentials from one site or service, and grant another service access to data on the first site, without exposing one’s password to the second site.

For simplicity and security, many API providers are now considering only supporting OAuth. Twitter will go OAuth-only on June 30. Location-sharing service FourSquare proposed the same on its mailing list:

OAuth-only: believe it or not, this is how the v1 api started — and
then we backed off because we saw so much demand for a basic http auth
version.

OAuth takes a bit more work on both the provider and developer level, though there are libraries on each side that make it easier. And with advances like the new OAuth 2 (already adopted by Facebook), you can expect OAuth to be the choice for authenticated APIs going forward.

Both comments and pings are currently closed.

One Response to “OAuth is the New Hotness: 76 OAuth-enabled APIs”

December 9th, 2010
at 10:35 am
Comment by: Foursquare API v2 is Public, v1 Deprecated | Another Newyork Times

[...] for API authorization, has been gaining momentum all year. It was crowned by some as “the new hotness” back in May. Since then our directory has seen a a 50% increase in APIs using OAuth, from 76 [...]

Follow the PW team on Twitter

ProgrammableWeb
APIs, mashups and code. Because the world's your programmable oyster.

John Musser
Founder, ProgrammableWeb

Adam DuVander
Executive Editor, ProgrammableWeb. Author, Map Scripting 101. Lover, APIs.