Authentication and authorization fora commercial service API
No Thumbnail Available
URL
Journal Title
Journal ISSN
Volume Title
Perustieteiden korkeakoulu |
Master's thesis
Authors
Date
2020-08-18
Department
Major/Subject
Security and Cloud Computing
Mcode
SCI3084
Degree programme
Master’s Programme in Computer, Communication and Information Sciences
Language
en
Pages
52
Series
Abstract
The broad range of different Software Development companies sooner or later come to the idea of creating company’s own API, which can be accessed by specific range of users with explicit access. This API should be protected from external attacks and support modern authentication protocols to cover broader range of customers. However, creating new architectural solution for API is extremely time-consuming task and usually companies use 3rd party solutions for resolving major part of problems. Currently, there are multiple free or semi-free products available to provide protected access to specific resources or handle incoming requests, nevertheless, just as the companies have their own needs and features, so provided solutions have their own props and cons. Often, companies can not decide, which solution is more suitable for them and where they should pay special attention. This thesis work is focused on defining general goals of publicly available API protection and demonstrating example solution, implemented for case-study company, according to this company’s features and architecture, based on modern Software Development Architectural solutions, such as Kubernetes and Docker. The results illustrate how modern cloud solutions can be applied to secure publicly available API and integrated into live company without structural and performance losses.Description
Supervisor
Aura, TuomasThesis advisor
Vainikainen, TommiKeywords
API, authentication, authorization, security