How to secure my applications API that uses Sign In with Twitter?


#1

I’m developing an application which uses “Sign in with Twitter” functionality as the login mechanism. As part of this application I’d like to develop an API for users to interact with aswell.

My question then is how would I go about securing my API? Would I need to provide my own security mechanism? or would there be a way for the developer to reuse the 0Auth keys they have already granted my application?


#2

Is this application going to be securely running on a server somewhere? What are you using for the back-end programming?


#3

Sorry, yea, it will be on a server and is developed in ASP.NET MVC C# using a SQL Server database. It likely won’t be using SSL, so need a mechanism that’ll work over regular HTTP.


#4

The API doesn’t require SSL, but it’s recommended that you use it anyway – it will surely someday become a requirement.

You shouldn’t need to worry about the security of your keys too much in this context as long as you keep them securely stored on your server and do not allow them to leak to the public.


#5

Sure, and they would be safe, but the question is could / should I allow users of my app to use the keys as a way to secure access to my API? Or do I need to provide my own security protocol?


#6

Dear sir,
I would like to inform that I am a developer working in company. I have created an application in asp.net and want to sign up as sign in my application through linkedin and twitter IDs and getting user details like name, username, email address & mobile number etc. I showing an exception at verification of access token… Please guide me.

Thanks and regards,
Madan Sharma