|
|
|
|
Ideas to secure an API?
|
|
3 points
by vkeenan
2796 days ago
|
|
|
Dear Hackernews – Our startup has an API that uses our proprietary database to assist in retail commerce. The API is ready to go, and we have OEM customer interest, but we are reluctant to leave a sandbox open for developers. The caution comes from the fact one needs access to our proprietary information just to test how our API works in a live retail transaction. We are using API keys, but I'm wondering if I need a more thorough security model. We are in a baby industry that’s growing very quickly with a lot of potential OEM customers, and we’re concerned about getting hooked up with a player who could just crawl our database, ignore any signed agreements and take our proprietary data. We have a developer agreement that should protect us, and our database needs constant work to be up-to-date, but we are way to small to seriously pursue any remedies if anyone wants to screw with us. My developer instinct is to put the API out there to find consumers, but our distribution must balance with this proprietary database issue. Does anyone with a similar experience care to share their solution to this API-first startup issue? Bizdev and tech ideas invited… |
|
|