Security Best Practices for third party access to APIs

Security is not my forte.

We are looking at a third party application for Webinars that would gather data on their end and then create/update leads in SugarCRM via a "Scribe" Connector.

What are the security implications of such a system?

Anyone have some best practices documents they can share?

Any good/bad stories by others who have done this before?

thanks,
FrancescaS

Parents
  • Hello FrancesacS,

    Are you trying to use a prepackaged connector or are you trying to build it? If the former, I would just review the developer's documentation. 

    In any case, if they are using our current Rest v10 API, we use oAuth2 to create our tokens and this is very secure for the most part. Seeing as it's just adding data to Sugar instead of pulling, it's less of a risk. 

    Jason Smith

  • We are considering a web-conference cloud solution that would store information about attendees. We will then push/pull that data in Leads via API. If we give them what they need to push data, wouldn't they also be able to pull data if they wanted to?

Reply
  • We are considering a web-conference cloud solution that would store information about attendees. We will then push/pull that data in Leads via API. If we give them what they need to push data, wouldn't they also be able to pull data if they wanted to?

Children
No Data