Five essential user privacy principles for successful APIs


Blog vom

Restful Web APIs encourage the development of innovative apps. Such novel apps combine data from several sources to reach new markets and customers, enabling what is known as the API Economy. APIs, however, often expose sensitive user data. By adhering to the following five principles, your organization enters the API Economy complying with current best practices in user privacy.

1. Publish a simple privacy policy

The right to privacy is a human right that, for both legal and ethical reasons, must be a guiding principle in API Management. A privacy policy is, thus, a very important document that informs users how their personal data is dealt with. It includes, for instance, how information is collected and stored, what specific data is collected, and how it is shared with other organizations.

Besides fulfilling a legal requirement, a privacy policy must make the user trust your organization, for only by winning your users’ confidence, you convince them to use your services.

Thus, a long incomprehensible document is not enough. Your organization must provide users with an easy-to-understand privacy policy. If legal jargon is absolutely required, a complete version can be added.

Figure 1
Figure 1. Privacy policy in two versions

2. Always ask for user consent

The user must be in control of his/her own data. Before sharing sensitive data with other apps, your user must understand the risks and consent by giving explicit authorization. The only exception is when the app also belongs to your organization.

Figure 2. Explicit user consent (authorization)
Figure 2. Explicit user consent (authorization)

3. Let users review and remove existing authorizations

If it is important that users authorize that apps may access and change their data, it is equally important to let them review and revoke current authorizations.

Thus, you must offer an interface where your users can log on and review third-party app permissions. All authorized apps must be listed, as well as details such as the date authorization was given and which permissions were granted. Users can then choose to disallow apps they do not anymore use or want.

When an authorization is removed, the corresponding app may not anymore call your APIs to get information about the user.

Figure 3. Third-party app permissions and revocation
Figure 3. Third-party app permissions and revocation

4. Follow the Principle of Least Privilege

The Principle of Least Privilege states that only strictly necessary information and resources must be accessible by a given entity. In the API context, a third-party app must obtain only the permissions necessary to implement its features.

There are two main advantages to following this principle. First, you minimize user data transmitted. Second, it will result in more users opting to grant authorization, hence using the app.

To support the Principle of Least Privilege, all permissions available to apps must be carefully designed, based on a good understanding of the API audience and possible use cases.

5. Support well-known protocols, such as OAuth 2.0 and OpenID Connect

Supporting well-known protocols makes your APIs both:

  1. More popular, since existing libraries ease implementation.
  2. More secure, since such protocols and libraries are extensively reviewed by the internet community.

The OAuth 2.0 Authorization Framework is prevalent in Restful APIs. Standardized by the IETF, OAuth 2.0 targets the four points mentioned above:

  • Privacy policy and user consent: The “authorization endpoint” enables users to review the privacy policy and explicitly authorize third-party apps to obtain personal data or perform actions on the users’ behalf.
  • Authorization review and revocation: A system of revocable “access” and “refresh tokens” makes it possible to withdraw app authorizations at any time.
  • Principle of Least Privilege: OAuth “scopes” represent app permissions that can be tailored to your organization’s needs.

OpenID Connect is an extension of OAuth 2.0 that standardizes further important aspects. These include how third-party apps verify the identity of, and receive information about, your users.

Conclusion

The success of an API Initiative depends on your users’ trust. Thus, defining user privacy as a primary concern and following the above five principles is key to success in API management.


Lesen Sie auch

famous for integration