11. Erik Wahlström
Technology Strategist
9/19/2013
11
How to protect an API using eID?
Web based APIs.
Protocol handlers.
Use browsers and OAuth2.
A token can be anything.
Alternatives to call an API:
Swedish Mobile BankID.
OAuth2 to authenticate using any other type of eID.
Bind two devices together to use smartcards on smartphones.
31. Erik Wahlström
Use your browser to authenticate using any eID
OAuth2 industry standard to protect APIs.
Define a way to get an authorization to use an API.
A token or two is good.
Use the token to access the API.
Use OAuth2 and a browser dance to authenticate.
Enables any method and eIDaaS.
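Added example (not from the original slides): an in-memory sketch of the browser dance above, showing that the API only ever sees an opaque bearer token while the eID method stays a detail of the authorization server. The client id, redirect URI, eID proofs, lifetimes and all function names are constructed assumptions, and client authentication at the token step is left out.

```python
import secrets
import time
# Constructed sample data: hypothetical eID methods (proof -> subject) and one client.
EID_METHODS = {
    "mobile-bankid": {"phone-signature": "alice"},
    "smartcard": {"card-signature": "alice"},
}
CLIENTS = {"demo-app": "https://app.example/cb"}

class AuthorizationServer:
    def __init__(self):
        self.codes = {}   # code -> (client_id, redirect_uri, subject, expiry)
        self.tokens = {}  # opaque token -> (subject, expiry)

    def authorize(self, client_id, redirect_uri, state, method, proof):
        """Browser step: authenticate with any eID, redirect back with a code."""
        if CLIENTS.get(client_id) != redirect_uri:
            raise PermissionError("unregistered redirect_uri")
        subject = EID_METHODS.get(method, {}).get(proof)
        if subject is None:
            raise PermissionError("eID authentication failed")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, subject, time.time() + 60)
        return {"code": code, "state": state}

    def exchange(self, client_id, redirect_uri, code):
        """Back-channel step: trade the code for an access token."""
        entry = self.codes.pop(code, None)  # pop makes the code single-use
        if entry is None or entry[:2] != (client_id, redirect_uri) or entry[3] < time.time():
            raise PermissionError("invalid code")
        token = secrets.token_urlsafe(32)  # "a token can be anything": opaque here
        self.tokens[token] = (entry[2], time.time() + 300)
        return token

    def introspect(self, token):
        subject, expiry = self.tokens.get(token, (None, 0))
        return subject if expiry > time.time() else None

def call_api(server, authorization_header):
    """The protected API: it checks a bearer token and never sees the eID method."""
    scheme, _, token = authorization_header.partition(" ")
    subject = server.introspect(token) if scheme == "Bearer" else None
    return (200, f"hello {subject}") if subject else (401, "invalid token")

def login_and_call(server, method, proof):
    state = secrets.token_urlsafe(8)  # ties the redirect to this client's request
    resp = server.authorize("demo-app", CLIENTS["demo-app"], state, method, proof)
    if resp["state"] != state:
        raise PermissionError("state mismatch")
    token = server.exchange("demo-app", CLIENTS["demo-app"], resp["code"])
    return call_api(server, "Bearer " + token)
```
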