Google, in what appears to be a new initiative to make its APIs more secure for end users and easier for developers to work with, has begun rolling out OAuth 2.0 support for its APIs. This brings about two major changes in how apps integrate with Google APIs.
Security is of paramount importance in applications. APIs are the cornerstone of most applications today, and the importance of ensuring that the data flowing through API calls is secure cannot be overemphasized. Secure Sockets Layer (SSL) has been available to us for years now and Google has made the first moves in using SSL across its suite of products, with a plan to roll out SSL for most of its developer APIs in the latter part of the year.
For a few days, Facebook was making a user’s phone number and address available, with the user’s permission, via its Facebook Graph API. Likely fueled by distrust of Facebook’s previous approaches to privacy, users and press reacted negatively to the concept. Based on this feedback, Facebook reversed its decision and neither phone nor address is returned to applications at this time. Privacy is a big concern, especially for APIs, but Facebook took appropriate steps for gaining user permission. The reaction to Facebook’s platform change was an overreaction, which points to a need for more granular privacy controls and a better method of granting access.
A Digg community member, suspicious of some top links, used the site’s Digg API to uncover 159 fake accounts. By comparing the stories voted on by these accounts to other stories, he discovered what appeared to be directed fraud and what Digg now calls “tests to find spam vulnerabilities.” We spoke to the community member to learn how he used the site’s API and what he learned.
Network administrators have many responsibilities. Is the server up? Are e-mails bouncing? Now, in addition to these low-level issues, Google’s Safe Browsing Alerts for Network Administrators allow sysadmins to get alerts for web sites in their network which may be hosting malicious content.
Facebook added an application settings dashboard to give users a way to see what information is available to apps. The move makes very clear what was previously murky. The result should be users who are more likely to trust your applications, because it’s harder for others to get away with tricking them into granting permission.
We’ve covered location stalking through apps like Foursquare, Gowalla, and Facebook Places as a potentially hazardous concept for the truly paranoid. Well, it’s not so much a laughing matter, anymore. A ring of burglars in New Hampshire used social websites, and potentially tracked location sharing app checkins, to find when their soon-to-be victims were away from [...]
Today could be the last day for some web applications built purely with client-side JavaScript and the Twitter API. According to Twitter, Basic Authentication has been permanently shut off, as promised. While the move should bring better security for many users, it will also make building JavaScript apps without server-side support for OAuth practically impossible due to security issues.
Careful what photos you tweet–and where you were when you snapped the shot. There’s another site designed to warn you against the hazards of over-sharing. This time it’s not related to active location-sharing, but instead accidental. The meta-data stored in your photos may be giving away where you live.
Previously set to go away today, using the Twitter API with basic authentication will instead be phased out over the next two weeks. During that time, any application still using the older method should switch to OAuth, which has been the preferred method for some time.





©ProgrammableWeb.com 2012. All rights reserved.