Cloud application programming interfaces (APIs) allow software developers to write code that interfaces with a cloud provider's services. But while they are critical to cloud applications, APIs also expose an attack surface through which sensitive business data can be compromised. Providers and software developers therefore need to prioritize cloud API security.
Sessionless security practices enable better scalability in the cloud
First, tactics such as including a username and password in the request body or in Simple Object Access Protocol (SOAP) headers are not secure. Instead, developers should use sessionless (stateless) security practices such as HTTP authentication, token-based authentication or Web Services Security (WS-Security), always over TLS so that credentials and tokens are not exposed in transit. Sessionless security also enables better scalability for the cloud service, because any server can validate a request on its own without sharing session state with the other servers.
Developers should also determine whether an API performs secondary security checks, such as verifying that the authenticated user actually has permission to view, edit or delete the specific services and data being requested. Once initial authentication succeeds, this authorization step is often overlooked, and an API that skips it lets any valid caller act on resources it should not be able to reach.
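The two checks above, stateless token authentication followed by a per-request authorization check, as an added example that is not code from the original article: a minimal HMAC-SHA256 signed bearer token in Python. The server key, the scope names (read/write/delete) and the ownership rule are constructed assumptions for the example; a real service would use a standard token format and library, but the order of checks and the distinct 401 (not authenticated) versus 403 (authenticated but not authorized) outcomes are what matter.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed placeholder. In practice the key comes from a secret store or the
# environment at run time, never from a source file.
SERVER_KEY = b"rotate-me-via-your-secret-store"

# Hypothetical permission model: each HTTP method on a resource needs one scope.
REQUIRED_SCOPE = {"GET": "read", "PUT": "write", "DELETE": "delete"}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(subject: str, scopes: list, ttl_seconds: int, now=None) -> str:
    """Issue a signed token carrying every claim the server needs later, so no
    server-side session has to be consulted when the token comes back."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "scopes": scopes, "exp": int(now + ttl_seconds)}
    body = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def verify_token(token: str, now=None) -> dict:
    """Authenticate a bearer token statelessly. Raises ValueError on any failure:
    malformed, bad signature (tampered or forged), or expired."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".", 1)
    except ValueError:
        raise ValueError("malformed token")
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest()
    # Constant-time comparison: a plain == would give attackers a timing oracle on the MAC.
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims["exp"] <= now:
        raise ValueError("token expired")
    return claims


def authorize(claims: dict, method: str, resource_owner: str) -> bool:
    """Secondary check: the caller must own the resource AND hold the scope the
    method requires. Authentication alone proves identity, not permission."""
    needed = REQUIRED_SCOPE.get(method)
    if needed is None:
        return False
    return claims["sub"] == resource_owner and needed in claims["scopes"]


def handle_request(token: str, method: str, resource_owner: str, now=None) -> int:
    """Return an HTTP-style status: 401 when authentication fails, 403 when the
    authenticated caller lacks permission, 200 when both checks pass."""
    try:
        claims = verify_token(token, now=now)
    except ValueError:
        return 401
    if not authorize(claims, method, resource_owner):
        return 403
    return 200
```

Both checks run on every request from the token alone, which is what lets any server in the pool handle any request. Note that a forged or tampered token is rejected before its claims are even parsed, and that expiry is enforced server-side from the signed `exp` claim rather than trusted from the client.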
Cloud providers and developers should test cloud API security against common threats, such as injection attacks and cross-site request forgery. For the cloud service providers that create the APIs, testing is especially critical. However, API consumers should also verify cloud API security independently rather than take the provider's word for it, since that evidence is what auditing and compliance reviews will ask for.
If encryption keys or API keys are part of the access and authentication methodology for API calls, store them securely (in a secret store, or injected into the process at run time) and never hard-code them into a source file or script, where they end up in version control, build logs and backups.
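The key-handling rule above, as an added example that is not part of the original article: a small scanner that flags credential literals in scripts before they are committed, beside a loader that reads the key from the environment and refuses to start without it. The `AKIA` pattern is AWS's documented access-key-ID format and `AKIAIOSFODNN7EXAMPLE` is AWS's own documented example key, not a live credential; the generic assignment pattern, the environment variable name and the two script fragments are constructed assumptions for the example.

```python
import os
import re

# Patterns for credential material that should never appear in source or scripts.
# The AWS key-ID pattern is the documented format; the generic assignment pattern is a
# heuristic (an assumption for this example) and will need tuning for a real code base.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "assigned_secret_literal": re.compile(
        r"(?i)\b(api[_-]?key|secret|password|token)\b\s*[:=]\s*['\"][^'\"]{8,}['\"]"
    ),
}


def find_hardcoded_secrets(source: str):
    """Return (line_number, pattern_name, stripped_line) for each line that looks like
    an embedded credential. Run it as a pre-commit or CI check over scripts and config."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                hits.append((lineno, name, line.strip()))
                break  # one finding per line is enough to block the commit
    return hits


def load_api_key(env_var: str = "CLOUD_API_KEY", environ=None) -> str:
    """Read the key at run time from the environment (populated by a secret store, CI
    variable or instance metadata). Fail loudly if it is missing rather than fall back
    to a default, which is how hard-coded keys creep back in."""
    environ = os.environ if environ is None else environ
    key = environ.get(env_var)
    if not key:
        raise RuntimeError(f"{env_var} is not set; refusing to start without an API key")
    return key


# Constructed sample: a script fragment written the way it must NOT be written.
# AKIAIOSFODNN7EXAMPLE is AWS's documented example key ID, not a real credential.
BAD_SCRIPT = '''\
import requests
ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
api_key = "placeholder-not-a-real-key-1234"
url = "https://api.example.invalid/v1/instances"
'''

# Constructed sample: the same script reading the credential from the environment.
GOOD_SCRIPT = '''\
import os, requests
api_key = os.environ["CLOUD_API_KEY"]
url = "https://api.example.invalid/v1/instances"
'''
```

The scanner is deliberately simple and will produce false positives on test fixtures; the useful property is that it runs before the secret reaches the repository, because once a key is in version control history it has to be treated as leaked and rotated.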
Perform API change reporting
While security is a key part of cloud API construction and use, it's also important to consider change logging and reporting. These features track who accessed which cloud resources, and what data and configuration changes they made.
A software developer invokes cloud API calls to change cloud-hosted data, launch new compute instances and alter the resources provisioned to an instance. Each of these activities should produce a log entry recording who made the call, what was changed, when, and whether it succeeded, in a trail that developers and auditors can conveniently access but that callers cannot alter. Comprehensive logging can be critical for auditing, legal discovery and other compliance issues.
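The logging and change-reporting requirement above, as an added example that is not code from the original article: a Python decorator that records every API operation (actor, action, resource, parameters and outcome) as one JSON line, including failed attempts, plus two report functions an auditor would want: the change history of one resource and everything one principal did. The instance operations, the in-memory log sink and the action names are constructed stand-ins for real provider API calls; a production service would ship the same records to an append-only store.

```python
import json
import time
from functools import wraps

# Hypothetical sink: one JSON line per API call. A real service would append these to
# a write-once store or the provider's audit service so callers cannot edit history.
AUDIT_LOG = []


def audited(action: str, resource_kind: str):
    """Decorator that records who did what to which resource, with parameters and outcome."""
    def decorate(func):
        @wraps(func)
        def wrapper(actor: str, resource_id: str, **params):
            record = {
                "ts": time.time(),
                "actor": actor,
                "action": action,
                "resource": f"{resource_kind}/{resource_id}",
                "params": params,
            }
            try:
                result = func(actor, resource_id, **params)
                record["outcome"] = "success"
                return result
            except Exception as exc:
                record["outcome"] = f"error: {type(exc).__name__}"
                raise
            finally:
                # Written even when the call fails: a failed change attempt is
                # exactly what an investigator needs to see.
                AUDIT_LOG.append(json.dumps(record, sort_keys=True))
        return wrapper
    return decorate


# Hypothetical cloud operations standing in for real provider API calls.
INSTANCES = {}


@audited("instance.launch", "instance")
def launch_instance(actor, instance_id, size="small"):
    INSTANCES[instance_id] = {"size": size, "owner": actor}
    return instance_id


@audited("instance.resize", "instance")
def resize_instance(actor, instance_id, size):
    if instance_id not in INSTANCES:
        raise KeyError(instance_id)
    INSTANCES[instance_id]["size"] = size
    return size


def _records():
    return [json.loads(line) for line in AUDIT_LOG]


def change_trail(resource: str):
    """The auditor's view: every recorded action on one resource, in order."""
    return [r for r in _records() if r["resource"] == resource]


def actions_by(actor: str):
    """Every logged action by one principal, for access reviews or legal discovery."""
    return [r for r in _records() if r["actor"] == actor]
```

Recording the parameters alongside the action is what makes the trail answer "what changed" rather than only "something changed"; for data-modifying calls, the pre-change value is worth capturing too when it is cheap to obtain.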
About the author:
Stephen J. Bigelow is the senior technology editor of the Data Center and Virtualization Media Group. He can be reached at email@example.com.