Secure RESTful API Automation With JavaScript

Jonathan LeBlanc, Director of Developer Advocacy at Box

Jonathan LeBlanc (@jcleblanc)
Head of Developer Evangelism
PayPal North America
Automation?
What JavaScript Can Feel Like
JavaScript Challenges
The Same-Origin Policy
Keeping Private Keys Private
Not Providing a Hacked Experience
How Did We Used to Do It?
Server-side Proxies
Flash / iFrame Proxies
Private Token Storage
Securing Content Negotiation
A Modern Approach

OAuth 2
Tight Access Control

CORS
Easy Access Control
OAuth 2 User Agent Flow
User Agent Flow: Redirect
Prepare the Redirect URI
Authorization Endpoint
client_id
response_type (token)
scope
redirect_uri

Browser Redirect
Redirect URI
User Agent Flow: Redirect
Building the redirect link
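// Percent-encode the values so that "?", "&" and "#" in the current page URL
// stay inside the redirect_uri parameter instead of being read as new parameters.
var auth_uri = auth_endpoint +
    "?response_type=token" +
    "&client_id=" + encodeURIComponent(client_id) +
    "&scope=profile" +
    "&redirect_uri=" + encodeURIComponent(window.location.href);
$("#auth_btn").attr("href", auth_uri);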
User Agent Flow: Hash Mod

Fetch the Hash Mod
access_token
refresh_token
expires_in

Extract Access Token
User Agent Flow: Hash Mod
Extracting the access token from the hash
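http://site.com/callback#access_token=rBEGu1FQr54AzqE3Q&refresh_token=rEBt51FZr54HayqE3V4a&expires_in=3600

var hash = document.location.hash;
// \w+ captures the run of word characters that follows "access_token="
var match = hash.match(/access_token=(\w+)/);
// match is null when the hash carries no access token
var token = match ? match[1] : null;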
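The redirect and hash steps above as one added example (not code from the original slides): the link is built with every value percent-encoded, and the callback fragment is parsed with URLSearchParams, which also handles token characters that \w+ would cut off. The state parameter, the helper names and the endpoint, client id and state values passed to them are assumptions made for this example.

```javascript
// Added example, not from the original slides. The endpoint, client id and
// state values used with these helpers are constructed placeholders.

// Build the authorization link. URLSearchParams percent-encodes every value,
// so a redirect URI containing "&" or "#" cannot add or override parameters.
function buildAuthUri(authEndpoint, clientId, redirectUri, state) {
  const url = new URL(authEndpoint);
  url.searchParams.set('response_type', 'token');
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('scope', 'profile');
  url.searchParams.set('redirect_uri', redirectUri);
  // Unguessable per-request value, kept by the caller (e.g. in sessionStorage)
  // and compared again when the provider redirects back.
  url.searchParams.set('state', state);
  return url.toString();
}

// Parse the fragment the provider appends to the redirect URI.
// nowMs is passed in so the expiry calculation is deterministic.
function parseCallbackHash(hash, expectedState, nowMs) {
  const params = new URLSearchParams(hash.replace(/^#/, ''));
  if (params.has('error')) {
    return { ok: false, reason: 'provider error: ' + params.get('error') };
  }
  // Reject responses that do not belong to a request this page started.
  if (!expectedState || params.get('state') !== expectedState) {
    return { ok: false, reason: 'state mismatch' };
  }
  const accessToken = params.get('access_token');
  if (!accessToken) {
    return { ok: false, reason: 'no access_token' };
  }
  let expiresAt = null; // stays null when the provider sends no expires_in
  if (params.has('expires_in')) {
    const seconds = Number(params.get('expires_in'));
    if (!Number.isInteger(seconds) || seconds <= 0) {
      return { ok: false, reason: 'bad expires_in' };
    }
    expiresAt = nowMs + seconds * 1000;
  }
  return { ok: true, accessToken: accessToken, expiresAt: expiresAt };
}

// Browser only: drop the fragment so the token does not stay in the
// address bar or the history entry after it has been read.
function scrubHash() {
  if (typeof window !== 'undefined' && window.history && window.history.replaceState) {
    window.history.replaceState(null, '', window.location.pathname + window.location.search);
  }
}
```

Call parseCallbackHash(document.location.hash, savedState, Date.now()) on the callback page, then scrubHash() once the token has been read.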
User Agent Flow: Get Resources

Set Request Headers + URI
Resource Endpoint
Header: token type + access token
Header: accept data type

HTTPS Request
User Agent Flow: Get Resources
Making an authorized request
$.ajax({
    url: resource_uri,
    beforeSend: function (xhr) {
        xhr.setRequestHeader('Authorization', 'OAuth ' + token);
        xhr.setRequestHeader('Accept', 'application/json');
    },
    success: function (response) {
        //use response object
    }
});
CORS Easy Access Control
Cross Origin Issues and Options
Access to other domains / subdomains is restricted (same origin policy)
JSONP to request resources across domains
Only supports HTTP GET requests

Cross-origin resource sharing (CORS)
Supports additional range of HTTP requests
Can you use it?
http://caniuse.com/cors
How Does it Work?
Site sends Origin header to server
OPTIONS /v1/oauth2/token HTTP/1.1
Origin: http://jcleblanc.com
Access-Control-Request-Method: PUT
Host: api.sandbox.paypal.com
Accept-Language: en-US
Connection: keep-alive
...
How Does it Work?
Server responds with matching Access-Control-Allow-Origin header

Access-Control-Allow-Origin: http://jcleblanc.com
Access-Control-Allow-Methods: GET, POST, PUT

Content-Type: text/html; charset=utf-8
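The server side of the preflight exchange above, as an added example (not PayPal's implementation and not code from the original slides). The registry contents, the allowed request-header list, the function name and the 403/204 status choices are assumptions; header names are lowercased the way Node's http module delivers them.

```javascript
// Added example. Constructed registry: the origin each application
// registered, mapped to the HTTP methods that application may use.
const REGISTERED_APPS = new Map([
  ['http://jcleblanc.com', ['GET', 'POST', 'PUT']],
]);

// Request headers a browser client may send, e.g. the Authorization and
// Accept headers set by the $.ajax call on the earlier slide.
const ALLOWED_REQUEST_HEADERS = ['authorization', 'accept', 'content-type'];

function deny() {
  // No Access-Control-Allow-* headers: the browser blocks the real request.
  return { status: 403, headers: { 'Vary': 'Origin' } };
}

// reqHeaders: lowercased header names of the OPTIONS request.
function handlePreflight(reqHeaders, registry) {
  const origin = reqHeaders['origin'];
  // Exact string lookup. Prefix, suffix or regex matching would also accept
  // lookalike hosts such as http://jcleblanc.com.example.net.
  const methods = typeof origin === 'string' ? registry.get(origin) : undefined;
  if (!methods) {
    return deny();
  }

  const wanted = String(reqHeaders['access-control-request-method'] || '').toUpperCase();
  if (!methods.includes(wanted)) {
    return deny();
  }

  const asked = String(reqHeaders['access-control-request-headers'] || '')
    .split(',')
    .map(function (h) { return h.trim().toLowerCase(); })
    .filter(Boolean);
  const allKnown = asked.every(function (h) {
    return ALLOWED_REQUEST_HEADERS.includes(h);
  });
  if (!allKnown) {
    return deny();
  }

  const headers = {
    // Echo the one registered origin, never "*", for an API that takes tokens.
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Methods': methods.join(', '),
    // The response differs per Origin, so caches must key on it.
    'Vary': 'Origin',
  };
  if (asked.length > 0) {
    headers['Access-Control-Allow-Headers'] = asked.join(', ');
  }
  return { status: 204, headers: headers };
}
```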
A Lil’ Bit O’ Automation
Uniform Interface Sub-Constraints
Resource Identification

Resources must be manipulated via representations
Self descriptive messages
Hypermedia as the engine of application state
HATEOAS
How we Normally Consume APIs
Using HATEOAS to Automate
How HATEOAS Works
You make an API request
curl -v -X GET https://api.sandbox.paypal.com/v1/payments/authorization/2DC87612EK520411B \
-H "Content-Type:application/json" \
-H "Authorization:Bearer ENxom5Fof1KqAffEsXtx1HTEK__KVdIsaCYF8C"
"links": [
  {
    "href": "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M",
    "rel": "self",
    "method": "GET"
  }, {
    "href": "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/capture",
    "rel": "capture",
    "method": "POST"
  }, {
    "href": "https://api.sandbox.paypal.com/v1/payments/authorization/6H149011U8307001M/void",
    "rel": "void",
    "method": "POST"
  }
]
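Following a link by its rel, as an added example (not code from the original slides or from a PayPal SDK): the client picks the next action from the links array above and attaches the bearer token only when the href stays on the API origin it already trusts. The function names, the method allowlist and the sample token are assumptions; the links are the ones shown on the slide.

```javascript
// Added example. API_ORIGIN is the host used in the slide's curl request.
const API_ORIGIN = 'https://api.sandbox.paypal.com';

// The links array from the response above, wrapped in an object.
const SAMPLE_AUTHORIZATION = {
  links: [
    { href: API_ORIGIN + '/v1/payments/authorization/6H149011U8307001M',
      rel: 'self', method: 'GET' },
    { href: API_ORIGIN + '/v1/payments/authorization/6H149011U8307001M/capture',
      rel: 'capture', method: 'POST' },
    { href: API_ORIGIN + '/v1/payments/authorization/6H149011U8307001M/void',
      rel: 'void', method: 'POST' },
  ],
};

const KNOWN_METHODS = ['GET', 'POST', 'PUT', 'PATCH', 'DELETE'];

// Find the link for a relation and check it before anything is sent.
function resolveLink(representation, rel, apiOrigin) {
  const links = Array.isArray(representation.links) ? representation.links : [];
  const link = links.find(function (l) { return l.rel === rel; });
  if (!link) {
    throw new Error('no link with rel "' + rel + '"');
  }
  // Parse rather than string-compare: new URL() resolves tricks such as
  // userinfo ("trusted-host@other-host") to the host really contacted.
  const url = new URL(link.href);
  if (url.origin !== apiOrigin) {
    throw new Error('link leaves the API origin: ' + url.origin);
  }
  const method = String(link.method || 'GET').toUpperCase();
  if (!KNOWN_METHODS.includes(method)) {
    throw new Error('unexpected method: ' + method);
  }
  return { method: method, url: url.toString() };
}

// Build the request description for the next action. The token is attached
// only after resolveLink() has accepted the target.
function buildLinkedRequest(representation, rel, apiOrigin, token) {
  const target = resolveLink(representation, rel, apiOrigin);
  return {
    url: target.url,
    method: target.method,
    headers: {
      'Authorization': 'Bearer ' + token,
      'Accept': 'application/json',
    },
  };
}
```

The returned object can be handed to $.ajax or fetch; the origin check keeps a tampered or misconfigured href from receiving the access token.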
Object Chaining
Interactions Should be Stateless
Send enough detail to not have to make another request to the API
{ "id": "PAY-17S8410768582940NKEE66EQ",
"create_time": "2013-01-31T04:12:02Z",
"update_time": "2013-01-31T04:12:04Z",
"state": "approved",
"intent": "sale",
"payer": {...},
"transactions": [{...}],
"links": [{...}] }
Resources and Representations
Manipulate a concept (e.g. payment) with the intended state
Chaining Actions
The first request builds the action object
Subsequent calls manipulate the object

var paymentObj =
    getPreAuth(paymentID)   //build pay object
    .getNextAction()        //next HATEOAS link
    .processNext();         //process action
In Summation…
Security needs to allow you to work the browser security model
Always assume statelessness
Build to allow your developers to automate complexities
Thanks! Questions?
http://www.slideshare.net/jcleblanc

Jonathan LeBlanc (@jcleblanc)
Head of Developer Evangelism
PayPal North America

Editor's Notes

  1. Keeping private keys private
  2. JSONP can cause XSS issues where the external site is compromised; CORS allows websites to manually parse responses to ensure security
  3. Behind the scenes, the server looks up the application in its records and verifies that what is on file matches the location of the application making the request
  4. Hypermedia as the engine of application state
  5. Resources must be manipulated via representations. This goes back to the stateless principles
  6. REST principle of using objects applied to chaining multiple objects together