PL-400: Configure API security (Create custom connectors)

Security is a concern in every kind of development, and in software development in particular. REST APIs are the popular choice for communication because they are lightweight, flexible and scalable, which makes their security an essential concern for API development: weak or missing access control is one of the easiest things for an attacker to exploit. An API is exposed over HTTP, so an attacker who steals a legitimate user's credentials can use them to reach business and financial data. A data breach remains a significant problem for a business, costing both revenue and reputation, so it is essential to protect APIs.

A connector is a proxy or a wrapper around an API.


 .

According to Microsoft, a custom connector is a wrapper around a REST API (Logic Apps also supports SOAP APIs) that allows Logic Apps, Power Automate, or Power Apps to communicate with that REST or SOAP API. Because APIs are used so widely, and because they give access to sensitive software functions and data, they have become a primary target for attackers. Microsoft therefore supports the following standard authentication methods for APIs and custom connectors, with Azure Active Directory being the recommended one:

  • Generic OAuth 2.0
  • OAuth 2.0 for specific services, including Azure Active Directory (Azure AD), Dropbox, GitHub, and Salesforce
  • Basic authentication
  • API Key

Generic OAuth 2.0:

OAuth 2.0 is the industry-standard protocol for authorization. It is intended specifically for user authorization and is designed for an application that can store confidential information (such as a client secret) and maintain state. An appropriately authorized web server application can access the API both while the user is actively interacting with the application and after the user has left it.

OAuth 2.0 for specific services, including Azure Active Directory (Azure AD), Dropbox, GitHub, and Salesforce:

Many identity providers allow a user to log in once and then access services without re-entering their authentication factors. A custom connector can delegate its authentication to such a provider; the supported providers include Azure Active Directory, Dropbox, GitHub and Salesforce.

Basic authentication:

Basic authentication is a simple authentication scheme built into the HTTP protocol. The client sends an HTTP request with an Authorization header that consists of the word Basic, followed by a space and the Base64-encoded string username:password. Base64 is reversible encoding, not encryption, so Basic authentication only protects the credentials when the request is sent over HTTPS.

API Key:

Some APIs use API keys for authorization. The API key is a token that the client provides when making an API call.
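As an added example (not code from the original post or from Microsoft's connector implementation), here is a small Python model of how the two simpler schemes above look on the wire and how a receiving API should validate them: building and parsing the Basic Authorization header, and checking an API key sent in a header. The user credentials, the key value and the X-Api-Key header name are constructed for the demo.

```python
import base64
import binascii
import hmac

# Constructed sample credential store and API key for the demo only.
USERS = {"alice": "s3cret:with:colons"}   # a password may itself contain colons
API_KEYS = {"k-demo-0001"}                 # constructed key, not a real one
API_KEY_HEADER = "X-Api-Key"               # assumed header name for this demo


def build_basic_header(username: str, password: str) -> str:
    """Client side: 'Basic ' + Base64(username:password), as in the post."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_basic_header(header: str):
    """Server side: return (username, password), or None if the header is malformed."""
    parts = header.split(" ", 1)
    if len(parts) != 2 or parts[0].lower() != "basic":
        return None                      # wrong scheme, e.g. Bearer
    try:
        decoded = base64.b64decode(parts[1], validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None                      # not valid Base64 / not valid UTF-8
    if ":" not in decoded:
        return None                      # RFC 7617 requires the colon separator
    # Split on the FIRST colon only: the username cannot contain one, the password can.
    username, password = decoded.split(":", 1)
    return username, password


def check_basic(header: str) -> bool:
    """Validate a Basic header against the store using a constant-time comparison."""
    creds = parse_basic_header(header)
    if creds is None:
        return False
    username, password = creds
    expected = USERS.get(username)
    if expected is None:
        return False
    # compare_digest avoids leaking how many leading bytes matched via timing.
    return hmac.compare_digest(expected.encode("utf-8"), password.encode("utf-8"))


def check_api_key(headers: dict) -> bool:
    """Validate an API key carried in a request header, again in constant time."""
    supplied = headers.get(API_KEY_HEADER)
    if not supplied:
        return False
    return any(hmac.compare_digest(k.encode("utf-8"), supplied.encode("utf-8")) for k in API_KEYS)
```

Because the Base64 step is trivially reversible, parse_basic_header recovers the plaintext password from any captured header, which is the reason Basic authentication and API keys are only acceptable over HTTPS.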
