Security Best Practices for third party access to APIs

Security is not my forte.

We are looking at a third party application for Webinars that would gather data on their end and then create/update leads in SugarCRM via a "Scribe" Connector.

What are the security implications of such a system?

Anyone have some best practices documents they can share?

Any good/bad stories by others who have done this before?

thanks,
FrancescaS

Parents

0 Jason Smith over 7 years ago

Hello FrancesacS,
Are you trying to use a prepackaged connector or are you trying to build it? If the former, I would just review the developer's documentation.
In any case, if they are using our current Rest v10 API, we use oAuth2 to create our tokens and this is very secure for the most part. Seeing as it's just adding data to Sugar instead of pulling, it's less of a risk.
Jason Smith
Cancel
Vote Up 0 Vote Down

Sign in to reply

Reject Answer

Cancel

Reply

0 Jason Smith over 7 years ago

Hello FrancesacS,
Are you trying to use a prepackaged connector or are you trying to build it? If the former, I would just review the developer's documentation.
In any case, if they are using our current Rest v10 API, we use oAuth2 to create our tokens and this is very secure for the most part. Seeing as it's just adding data to Sugar instead of pulling, it's less of a risk.
Jason Smith
Cancel
Vote Up 0 Vote Down

Sign in to reply

Reject Answer

Cancel

Children

0 Francesca Shiekh over 7 years ago in reply to Jason Smith

We are considering a web-conference cloud solution that would store information about attendees. We will then push/pull that data in Leads via API. If we give them what they need to push data, wouldn't they also be able to pull data if they wanted to?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel