APIs for Authentication: A journey

Posted on April 24 by Michael Petychakis

Application Program Interface (API) key authentication is a technique that overcomes the hurdles of using shared credentials by using a unique key for each user. The key is usually in the form of a long series of letters and numbers that are different from the account login password. The owner provides the client with the key that helps the client access a website. When a client provides the said API key, the server allows the client to access data. The server has the power to limit administrative functions to any client for example in changing passwords, or deletion of accounts. API keys are sometimes used so that account passwords do not have to be given again and again. The APIs offer flexibility to limit control while also protecting user passwords.

API keys work a lot of different ways as they were conceived by multiple companies and they all have a different way of authentication. There are some API keys like Basic Auth that uses an established standard along with some strict rules. However, over time some familiar approaches are being used. These include putting the key in the Authorization header accompanying the username and password, another one just demands to add the key onto the URL. Sometimes keys are buried in the request body together with the data. Wherever the key is added the outcome is the same, the server provides access to the user.

There are different security protocols being used like OAuth1.0a, Basic API authentication with TLS and OAuth2.0. Basic Auth is the simplest because it only uses the standard framework or language library. Because it is the simplest hence, it offers the least security and provides no advanced options, you are simply providing a username and password that is Base64 encoded.

OAuth1.0a has, on the other hand, the most secure security protocol as it uses a cryptographic signature, combined with a token secret, none and other request based information. As the token is never directly passed across the wire so there is no possibility of anyone seeing a password in transit, this provides an edge to OAuth1.0a. On the other hand, this level of security comes with a lot of complexity. You have to use hashing algorithms with strict steps, but now this problem has been overcome as every other programming language can do it for you.

Repose is another API authentication platform that provides open source API validation, HTTP request logging, rate limiting and much more. It employs a RESTful middleware platform that is easily scalable and extensible. OAuth2.0 and Auth0 are both open sources API authenticators. Both have a completely different approach from OAuth1.0a. The encryptions are handled by TLS (previously called SSL) rather than using cryptographic algorithms. There are not that many OAuth2.0 libraries so this provides a disadvantage to users. OAuth2.0 is used by big names like Google and Twitter.

Auth0 is a platform that allows authentication of apps and supports just about all identity providers on any device or cloud. It uses a secure HTTPs API key to integrating with other tools giving it a seamless experience. It provides the clients with the ability to authenticate with credentials that they are comfortable with.

Many management platforms for API are available, each platform bringing something unique on the table. Kong is an API manager that offers a range of plugins to improve security, better authentication services and management of inbound and outbound traffic. Kong acts as a gateway between the client and the API, providing different layers of rate limiting, logging, and authentication.

3Scale is another manager that separates traffic control and management layers, as a result it produces superior and unsurpassed scalability. It integrates many gateway deployments with Amazon, Heroku, and Red HatOpenshift, which are free to use. Additionally, plugins can also be added to libraries built in several different languages and they design custom API management protocols for organizations as well. Microsoft Azure also provides a host of options for users so that little effort is done on the client’s part and most of the work is accomplished by managers. Azure uses a professional front end and developer portal that make it more user-friendly. It offers the greatest number of options for APIs and thus attracts more clients.

Del Boomi can be thought of as a cloud middleware, plumbing between applications that reside on cloud or premise. They can efficiently manage data for social networks and other uses. Boomi communicates with data across different or common domains, giving it an added advantage. MuleSoft is another API manager that makes use of Anypoint platform, thus it re-architects the SOA infrastructure covering legacy systems, proprietary platforms, and custom integration. This results in a strong and agile business solution for their clients.

AWS cognito is another management system offered by Amazon web services. They offer an adaptive multi-layer design that includes products which ensure availability and resilience. AWS cognito is built with security as its key feature. It can be easily deployed on any platform, using lock library or custom build implementation that can be chosen from more than 50 integrations. It enables clients to authorize users through an external identity provider that assigns temporary security credentials for users to access your website/app. It employs external identity providers that support OpenID, SAML, and the option to integrate your own identity provider.

Recently, API has found its applications in health-related fields. A vast majority of healthcare providers and other companies in the healthcare industry are making use of the web and mobile services. They provide vital information to patients and help them share information with other prescribers. Medical APIs will also help with the integration between partner providers, patient support services, insurance companies and government agencies. But are these API’s HIPPA compliant is a question many users have. Yes, there are many providers that meet the challenge of conforming to client demands while also ensuring the security of medical data.

Apigee Edge, another platform enhances digital value chain from the back end for customers who engage an app. It is HIPPA (Health Insurance Portability and Accountability Act) and PCI compliant. Apigee maintains management compliance by a number of features that include, encrypting and masking information, protecting traffic and managing and securing all data.

For healthcare providers, there are other API managers that provide HIPPA compliance like TrueVault. TrueVault acts as an interface between internal data and external applications. For instance, if a diagnostic laboratory wants to provide online viewing of test results, by making use of TrueVault they can allow approved third parties to access that information without the use of custom APIs or hooks. Hence, it provides a secure service that not only saves time but delivers information to the patients via mobile and tablet interfaces.

Still, there are many challenges that API managers face in making optimized solutions for the healthcare sector. Lack of access to effective tools required for testing and monitoring these interfaces are a serious obstacle for the developers. Furthermore, the developers lack insight and feedbacks in medical APIs which is a critical factor in developing elaborate and engaging APIs that will be widely adopted by the medical field.

Build Your Own Udemy

Posted on April 3 by Michael Petychakis

Today we all are living in technological driven world where online learning has become an important and totally worthwhile way of learning on-the-go. Now our future of higher education lies in the hand of the online learning system. Nowadays college and university students find themselves burdened with Jobs and family commitments and having an option of studying at their own time has become a critically important part of their life, as its very convenient and less expensive for most of the students moreover, You can work on any course just about anywhere you have computer access.

Because of the expanding trend of online learning platforms like Udemy, khan academy, now the question arises is that how can we make our own online learning platform, what are the core technologies involved in developing such systems, the answer to that is Application programming interface (APIs). APIs are sets of instructions or requirements that govern how one application can communicate with another.

The function of an API is usually fairly straightforward and simple, the process of choosing which type of API to build, understanding why that type of API is appropriate for your application, and then designing it to work effectively is the key to giving your API a fairly long life and making sure that it’s used by developers.

There are many types of APIs available. For example, you may have heard of Java APIs or interfaces within different classes that let objects interact with each other in the Java programming language. Along with program-centric APIs, we also have Web APIs like the Simple Object Access Protocol (SOAP), Remote Procedure Call (RPC), and the most popular at least in name, Representational State Transfer (REST).

There are more than one alternatives

If you’re looking for building your own platform for e-learning like Udemy, it’s important to decide which type of method you have in mind for the delivering lectures of courses that are offered, it can be audio, video or simple text. Video lectures are more in trend these days so now it’s important to know how to make your own live streaming videos for course lectures, there are a lot of APIs that can offer to make an application that is user friendly and fast but for specific live video streaming Castasy is a good way of doing so as it’s a cost efficient solution that has arrived in the form of a software This new live streaming software comes with compatible versions for both iOS and Android devices and also comes in a desktop version. The software basically allows the user to have an application and website that could stream live videos with their own live streaming software. The user is capable of allowing access or denying access to any follower. Each video gets a separate URL and posting that specific URL in their browser, users can view the video at their desktops with the website version of that software. With different URLs users have the facility to view a number of videos available in the website version of the software The live streaming software also withholds a chat feature facilitating viewers to chat on videos as they are streamed so they can discuss relevant topics related to that video it’s a very good feature for e-academies as it helps the students to discuss different queries through chat.

Now if we talk about the most popular, known and very efficient API developer Citrix, Gotowebinar, and Udemy usually comes into the person’s mind now let’s look at them one by one and in detail.

What Citrix basically do is that these applications are streamed from a centralized specific location into an isolated environment where they are executed on different target devices. Application configuration, settings, and relevant files are copied to the client device. When you start the session virtualization, applications are delivered from hosting servers in the data center with the help of application streaming. The user is then connected to the server to which that specific application was delivered. The application is then executed on the server, and the server power is maximized. While the server receives mouse clicks and random keyboard strokes, it sends all the screen updates to the end user device.

GoToWebinar is a purpose-built for do-it-yourself Webinars, making it easy for multinational organizations to deliver their message to thousands of people at the same time, eliminating costly travel or expensive marketing promotions. Innovative in-session features and reports help businesses evaluate the success of their Webinars and to judge whether it was successful or not .it’s actually a Citrix production but it’s usually considered as a different API.

If we look at Udemy as an API we see that Depending on our intended use case, we may be interested in creating our own courses, basically our own platforms for e-learning, it helps us in developing that certain stage, we can consume premium courses, or develop our own through Udemy it’s an easy way to provide services online and earn a little bit of fortune.

API’s	pricing	benefits	Availability
Gotowebinar	For starters, it costs $89.00 and can provide services for up to 100 participants For Pro it costs $199.00/mo and can entertain up to 500 Participants For plus it costs $429.00 and can provide services for 2000 Participants	· Reliable · Ease of use · Cost efficient · Saves time and money that is otherwise consumed on marketing	Easily available in the US and outside of US
Citrix	It ranges between 80$ to 500$	· standardized, common setup. · compress the data · it’ll encrypt the data for security · the performance is faster · centralized management	Easily available all around the globe
Udemy	· list prices of Udemy range between $20 – $200. · Larger discounts are offered. · We can run promotions if different courses in 10 to 15$	The ability to create your own courses The easiest opportunity to centralize your training materials Easy Management of users and courses	Available all around the world

It is not as hard as you may think

Every API technologies have a lot of benefits and mostly are available all around the globe if we want to build our own e-learning platform it’s easier to utilize these APIs rather than developing our own, as its cost efficient and gives us all the desirable features whether it’s online streaming of lectures or publicity of a certain seminar they provide us with every feature necessary to develop our own Udemy .

Cloud Computing is every #Startup’s #CTO best friend

Posted on February 5 by Michael Petychakis

The needs of a startup:

Chief technology officers play a major role in managing the technical aspects of a company, especially for startups. The requirements of a company in the early stages differ considerably from its requirements in the later stage. For most startups, the initial period is turbulent; the market waters harsh and finding loyal partnerships cumbersome. For CTOs, this period can be exceedingly stressful, they have to manage and ensure the entire operation of the company runs smoothly at every point. As the world advances into digital zones, the burden on CTOs has increased. Initially, the company may hire a lot of IT professionals to take care of technology needs, however, as time goes on, these professionals would be cut down and some advance and take on more responsibility. The later stages of a startup are more secure and stable, by this point CTOs already have their strategy in motion, they have hired professions to handle technology work and their major role lies in super vision. However, during the middle region, CTOs can face numerous challenges. From finding the right balance in the company, managing resources, storing data, keeping the company wired, operational and connected to the market, can be a hurdle. However, diligent CTOs manage the company needs, keeping their eye on the end price.

The role of a CTO

Chief Technology officers are required to maintain the smooth functionality of technology, while reducing expenses of the company. Micro-level events are exceptionally useful for CTOs and they are always on the look at for changes that might occur at this level. For example, ways in which digital technology can be improved. Since data is the basic tool of most companies, CTOs often look for ways to improve high data throughput. The technology market and all its innovations are always under the radar of Chief technology officers. These people do not invest impulsively; rather make calculated decisions to ensure that every investment results in incremental growth and money savings for the company. CTOs look at market trends and environments, the evolutions that take place and the competition they face in the market. Moreover, these officers pay diligent attention to customer preferences and buying habits. These two aspects show the company how to market products so they become more appealing to customers. These customer needs are evaluated on a five year basis, as customer preferences change only slightly during this time frame. However, if certain technological advances make big waves in the market environment, then CTO’s are required to change their strategies accordingly. While these are the basic requirements and credentials of CTO’s, hiring equally qualified tech experts also falls under their domain. CTO’s are also required to manage their team, and ensure every department and their technology needs are fulfilled, and run smoothly at all times.

What is Cloud Computing?

Cloud computing or internet based computing is on demand access to a number of configurable computer resources. These resources can include computer networks, data, storage, servers, applications and other services. The services can be dispatched with minimum management, and are normally safer, and more reliable for data needs. Cloud storage and computing give customers and companies the platform to safely store their data, privately and even remotely. In some cases outsourced companies may be involved in providing the services, however, other cloud based computing are very personalized.

Cloud computing and services can really reduce the cost of the technology infrastructure of a company. For startup companies, the costs are already high and initial revenue low, hence for such companies, cloud computing provides and easy, accessible and cheap option, as they do not need to buy separate servers. By taking care of the IT needs of organizations, it gives companies the leverage to focus on central issues and core business goals. Moreover, it allows CTOs to manage the technology needs faster, more professionally, and in a systematic manner. When such professionals have to take care of big data and services on a daily basis, they rarely find the time to focus on more important issues at hand, managing the technology resources. Moreover, since these servers are outsourced, maintenance costs are negligible for the company. In addition, it also reduces the personnel need of a company, and hence cuts costs considerably.

While cloud computing can offer a range of benefits to companies, there are some draw backs as well. Public cloud computing options are very risky, and in the past, there have been countless breaches that have resulted in loss of personal information from companies. This information can include sensitive credit card information, employee details or any company data. Usually hackers release such information on social media outlets, and this can cause the public image of a company to be in jeopardy. There have been numerous documented cases of theft and cyber hacking on public cloud computing, however, it is uncommon in Private cloud computing. None the less, the risks associated are very high, and due to the remote nature of the vice, the criminal can be very hard to track down.

Cloud Computing for CTOs: Design solutions in Cloud

Cloud Computing can offer a lot to companies, especially CTOs. Not only are there many cost saving benefits of employing such a service, but, most technology aspects of the company get assisted by the service. Cloud computing solutions are cheaper for companies, and by outsourcing data and IT needs, CTOs can focus on what truly matters, designing solutions to run the company seamlessly. The data becomes much easier to manage for officers, becomes more transparent and storage issues rarely arise.

Amazon’s CTO, Werner Vogel has already spoken about the benefits he has reaped from cloud computing in his company. Vogel advocated the services in a conference, stating, “the cloud has nothing to do with technology, the cloud is defined by all its benefits”.

While apps and gadgets can take care of data storage needs, for companies and startups the cost of download could be great, by investing in cloud services, this downtime can be prevented. According to Vogel, if Cloud services lower their costs and make tackle privacy issues, companies would advance at an alarming rate.

APILama

In search of the API Nirvana

Cloud Computing

APIs for Authentication: A journey

Related Links:

Build Your Own Udemy

There are more than one alternatives

It is not as hard as you may think