"OAuth has become standard practice for large social media APIs and it's becoming common across enterprise APIs. OAuth is good for your customers' security and experience making is critical if you want adoption on your API.
Over the past year, we've been talking OAuth with some of the leading API teams around the globe as they design their API security strategies, and we've participated in enlightening discussions with designers and developers on the API Craft Google group. All these interactions have helped us build and refine our perspective. We've also received a lot of feedback that people want this stuff for their e-readers, so we've pulled our ideas together in this e-book.
If you want to understand how OAuth fits with APIs and the emerging world of open platforms, its advantages and challenges, and what role it might play for your products, without having to know the fine details of the protocol, we hope you will find it useful."
Most of you will know what OAuth is and not need something like this... Until your boss, new project manager, QA member, or senior management asks you, "What is this OAuth thing?" Then you'll thank Apigee for providing you this free ebook... :)
OAuth has taken off as a standard way and a best practice for apps and websites to handle authentication.
OAuth is an open protocol for allowing secure API authorization from desktop and web applications through a simple and standard method. It manages handshakes between applications and is used when an API publisher wants to know who is communicating with the system. Many of the largest API publishers have implemented OAuth to handle write access to their APIs.
We titled it OAuth – The Big Picture because it does not attempt to compete with sites about the protocols as defined by RFC 5849 (OAuth 1.0) or OAuth 2.0 or explain the architecture and in-depth technical and implementation details of OAuth. There are many great sites and discussion groups (including wiki.OAuth.net and OAuth Google groups) that delve into the details of OAuth and the evolving specification.
Rather, this e-book is designed for those who want to understand OAuth, its advantages and challenges, what role it might play for their products, without having to know the fine details of the protocol. We hope it will be a guide for members of the business development team, product managers, technical evangelists, product architects, and so on who make strategic decisions about their API products.
This e-book discusses what OAuth is, how it works, and how it fits with APIs and the emerging world of open platforms. We take a look at the evolving OAuth specification and why implementing OAuth can be complex. We provide some recommendations for how to approach implementing OAuth to ultimately deliver a secure and great user experience for web and mobile apps.