Essential Guide

API integration tutorial: Latest trends and strategies


How do I create a secure API for mobile?

As APIs gain importance in mobile delivery, the ability to create secure mobile APIs becomes critical. Matthew David walks us through the steps needed to create these secure APIs.

Security is often an issue that arises when dealing with mobile devices. And as APIs have garnered increased importance with regard to mobile development, the need to create a secure API for that development becomes important as well. Here we examine the steps needed to create a secure API for mobile.

Inherently, all mobile devices are insecure. The approach to developing mobile apps is to secure all of the parts at play. APIs are an effective way to deliver solutions across multiple platforms -- think of Google Maps, one of the most popular API libraries -- and it is good to develop a secure API for mobile, ensuring it's locked down tight.

There are several steps to achieving a secure API. They include:

  • Data at rest and data in transit. Your API will move data back and forth across the cloud and to devices. Leverage HTTPS to protect your data in transit and encrypt the data when at rest on the server and the client.
  • API keys. Create APIs that require developer registration. The focus for API keys is to lock down and know which apps are using your APIs. The API key is unique to each developer and should be stored on your server in Base64-encoded form.
  • OAuth2. OAuth is a popular authentication format that has been improved with OAuth2, a token-based authentication solution that is ideal for securing mobile
  • JWT (JSON Web Token). Take security of your API over the top through the inclusion of a JWT, a new specification that gives you the tools to create random tokens that can be published to devices, expire at a specific time and can hold JSON information.

The goal is to protect the data on the cloud server as it moves to the API; use tools that ensure the data is encrypted as it is stored on a device; and, finally, only show data with the correct authentication. This level of security is required for a secure API for mobile. Easy, right?


This was last published in January 2016
