PL 400 : configure API security (Create custom connectors)

Security is always a concern in every development especially software development. The REST API is the popular choice for communication because it is lightweight, flexible and scalable, so security is an essential concern for API development, as hackers can easily compromise access control. The API works on the hypermedia transmission protocol so it is easy for hackers to steal legitimate user credentials and access business and financial data. Data breach remains a significant issue for business with loss of revenue and reputation, therefore, it is essential to protect APIs.

A connector is a proxy or a wrapper around an API.


 .

According to Microsoft, A custom connector is a wrapper around a REST API (Logic Apps also supports SOAP APIs) that allows Logic Apps, Power Automate, or Power Apps to communicate with that REST or SOAP API. Because APIs are used so much, and because they enable access to sensitive software functions and data, they are becoming a primary target for attackers. Therefore, Microsoft provides below standard authentication methods for APIs and custom connector and Azure Active directory is recommended:

  • Generic OAuth 2.0
  • OAuth 2.0 for specific services, including Azure Active Directory (Azure AD), Dropbox, GitHub, and SalesForce
  • Basic authentication
  • API Key

Generic OAuth 2.0:

OAuth 2.0 is the industry standard protocol for authorization. It is specifically for user authorization and is designed for an application that can store confidential information and maintain state. An appropriately authorized web server application can access the API when the user interacts with the application or the application is abandoned by the user.

OAuth 2.0 for specific services, including Azure Active Directory (Azure AD), Dropbox, GitHub, and SalesForce:

Many authentication providers allow a user to log in once and access services without having to re-enter authentication factors. The custom connector allows those identity providers to wire up the security process with providers such as Azure Active Director, Dropbox, GitHub and SalesForce.

Basic authentication:

Basic authentication is a simple authentication scheme built into the HTTP protocol. The client sends an HTTP request with an authorization header that consists of a base word followed by a space and a Base64-encoded string username:password.

API Key:

Some APIs use API keys for authorization. The API key is a token that the client provides when making an API call.

Comments

Post a Comment

Popular posts from this blog

Powering Up Your Analytics: Exploring Power Query in Power BI

Image
Data is a valuable asset that has a profound impact on almost every aspect of modern life. Its proper collection, analysis and application can promote innovation, improve efficiency and solve complex challenges in various sectors. In data processing, ETL is a comprehensive process that includes data extraction, transformation, and loading, while Power Query is a specific tool that facilitates the "extract" and "transformation" aspects of ETL, allowing data to be collected and analyzed. Permission is granted to process. And reporting. is ready. It becomes easy to do this. Microsoft's ecosystem of products. Power Query is a data transformation and data preparation engine. Power Query is available in Microsoft Excel and Power BI. Power Query provides a user-friendly and intuitive interface for data professionals and analysts to access and manipulate data from various sources without the need for extensive coding or scripting. It allows users to connect to a wide ra
Read more

Power App Component Overview : Canvas App vs Model-Driven App

Image
The Power Platform is a suite of low-code/No-code tools and technologies developed by Microsoft and Power App is integral component of Power Platform. Power App is platform that enables users to build custom web and mobile applications with a visual interface and minimal coding. The platform support various data sources, including Microsoft 365, Azure Service, and many other, enabling users to integrate and interact with their existing data and systems. In Microsoft's Power Apps, there are two main types of apps that we can create: Canvas Apps: Canvas apps provide a blank canvas where you can design highly customizable applications with a drag-and-drop interface.  Model-Driven Apps: Model-driven apps are built on top of the Dataverse, which provides a set of pre-built data entities and business logic. There are few key technical difference between Canvas App and Model Driven App: During the usability analysis, these high-level technical differences need to be considered. The choi
Read more

Exam PL-400: Microsoft Power Platform Developer

 Create a technical design (10-15%) Validate requirements and design technical architecture design and validate the technical architecture for a solution design authentication and authorization strategy determine whether you can meet requirements with out-of-the-box functionality determine when to use Logic Apps versus Power Automate flows determine when to use serverless computing, plug-ins, or Power Automate determine when to build a virtual entity data source provider and when to use connectors Design solution components design a data model design Power Apps reusable components design custom connectors design server-side components Describe Microsoft Power Platform extensibility points describe Power Virtual Agents extensibility points including Bot Framework skills and Power Automate flows describe Power BI extensibility points including Power BI APIs, custom visuals, and embedding Power BI apps in websites and other applications describe Power Apps portal extensibility points incl
Read more