Topic: Oauth2 // API : security issues (Read 162 times)
this is a very pertinent question and I'd like to know more as well. I haven't had any luck finding information on it anywhere within the forum. Security is becoming more of a recognized concern within blockchain.
Those APIs are not Bitcoin's APIs but rather specific service APIs. This is a problem for services and something for them to deal with, not the Bitcoin network.
We are evaluating security risks for our new bitcoin network. My sense is that the API calls are a real weak point. I don't see alternatives to Oauth2 and/or API keys.
Have others evaluated the relative risks for different protocols? I'm curious if it makes sense to be more imaginative in our API security or whether there are other API security approaches that have been considered in the community.
I'm looking over places like:
https://developers.coinbase.com/api/v2
https://www.luno.com/en/api
https://spectrocoin.com/en/integration/spectrocoin.html#/introduction/overview
In searching the bitcointalk archives, there doesn't seem to have been an extensive discussion of this issue. Is there a reason not to look more carefully at the entrance/exit of information from the network?
Have others evaluated the relative risks for different protocols? I'm curious if it makes sense to be more imaginative in our API security or whether there are other API security approaches that have been considered in the community.
I'm looking over places like:
https://developers.coinbase.com/api/v2
https://www.luno.com/en/api
https://spectrocoin.com/en/integration/spectrocoin.html#/introduction/overview
In searching the bitcointalk archives, there doesn't seem to have been an extensive discussion of this issue. Is there a reason not to look more carefully at the entrance/exit of information from the network?
Jump to: