by perlgeek
3073 days ago
Ideally you use some kind of time-limited API tokens, and find a way to automatically distribute new API tokens before the old ones expire. That way, the breach of a single device doesn't immediately give the attacker unlimited access to the API. You should also monitor for unusual activity, and blacklist API keys and devices with such activity.
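A sketch of the scheme described in the comment above, added here as an example and not code from the commenter: expiring tokens, renewal shortly before expiry, and a per-device blacklist. The HMAC-signed token format, the function names, the key and the TTL values are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SERVER_KEY = b"constructed-demo-key"   # constructed; load from a secret store in practice
TOKEN_TTL = 3600                       # assumed token lifetime, seconds
REFRESH_WINDOW = 600                   # assumed: renew only in the last 10 minutes
revoked_devices = set()                # devices blacklisted after unusual activity

def _sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()

def issue_token(device_id, now=None):
    """Return '<b64 payload>.<b64 signature>' binding a device id to an expiry."""
    now = time.time() if now is None else now
    payload = json.dumps({"dev": device_id, "exp": int(now) + TOKEN_TTL}).encode()
    enc = base64.urlsafe_b64encode
    return enc(payload).decode() + "." + enc(_sign(payload)).decode()

def verify_token(token, now=None):
    """Return the claims dict for a valid token, otherwise None."""
    now = time.time() if now is None else now
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError:                 # wrong shape or invalid base64
        return None
    if not hmac.compare_digest(sig, _sign(payload)):
        return None                    # forged or tampered
    claims = json.loads(payload)
    if claims["exp"] <= now or claims["dev"] in revoked_devices:
        return None                    # expired, or device blacklisted
    return claims

def refresh_token(token, now=None):
    """Hand out a replacement before expiry; an invalid token gets nothing."""
    now = time.time() if now is None else now
    claims = verify_token(token, now)
    if claims is None:
        return None
    if claims["exp"] - now > REFRESH_WINDOW:
        return token                   # not due yet, keep the current token
    return issue_token(claims["dev"], now)
```

Because `refresh_token` goes through `verify_token`, blacklisting a device also cuts off its renewals, so a stolen token is useful for at most `TOKEN_TTL` seconds and for no time at all once the device is flagged.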