A how-to guide to OAuth & API Security

Make OAuth implementation simple for your organisation

Published September 2016

OAuth is an emerging Web standard for authorising limited access to applications and data. It is designed so that users can grant restricted access to resources they own—such as pictures residing on a site like Flickr or SmugMug—to a third-party client like a photo printing site.

In the past, it was common to ask the user to share their username and password with the client, a deceptively simple request masking unacceptable security risk. In contrast to this, OAuth promotes a least privilege model, allowing a user to grant limited access to their applications and data by issuing a token with limited capability.

Biting the hand that feeds IT © 1998–2022