Open in app

Sign in

Write

Sign in

API Security using Tokens in Ten steps

Senthilkumar Gopal
2 min readApr 1, 2018

--

I have always yearned to share my knowledge and always on the look out to speak to external developers about my work at eBay and Identity/Security in general.

I spoke at multiple conferences this year — IndexConf, Silicon Valley Code Camp, API World and PRDC Deliver about API Security and how to “Build a strong token based API Security”

I have also written a detailed blog post on the same subject.

Building an API Token system from scratch

With the recent trend in microservices and service based architecture, APIs have taken a front seat for attacks of…

medium.com

Quick Look

Many developers are well versed with domain based application development. However when it comes to security, there are very few who can ascertain to the credibility of their API and Identity assertion systems. This talk targets the uncertainty around the functioning and utility of tokens in an API security landscape. It addresses the basic needs of a token infrastructure and what would it take to build one. This talk aims to help developers embrace security and identity as part of their tool chain and remove the skepticism around building their own API security. The developers should be able to use this discussion as a launchpad for building their own API authentication systems. This is a unique talk as many companies closely guard the secret of how their token infrastructure functions. Being the lead architect for eBay Identity and having hand crafted the infrastructure which powers eBay’s entire API stack authentication, Senthilkumar is driving the vision for Identity architecture for the next generation of services and uniquely poised to help developers with the talk to understand the nuances of API security and token infrastructure. He will be providing references to OAuth RFC specifications, OWASP threats and how it is addressed etc.

Presentation

The slides used during the presentation is available at Speaker Deck

Some of the conferences were kind enough to record the presentations and make them available online.

Index Conference

Sample Code

Some of the sample code used for the demo in the presentation is available at github

sengopal/ebay-oauth-sample

App Engine Getting Started with Java runtime. Contribute to sengopal/ebay-oauth-sample development by creating an…

github.com

Some of the twitter reactions and feedback has been really heart-warming.

API
Conference
Presentations
Security
Identity

--

--

Senthilkumar Gopal

Written by Senthilkumar Gopal

210 Followers

❤️ to code and solving complex problems everyday @AWS . Engineering leader for AI/ML Accelerator using Neuron. Opinions my own and does not represent AWS.

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams