I am a Developer Advocate for Security in Mobile Apps and APIs at approov.io.
Another passion is the Elixir programming language that was designed to be concurrent, distributed and fault tolerant.
Location
Scotland
Education
Self-taught Developer
Work
Developer Advocate for Mobile and API Security at approov.io
HMAC is one more security layer in your API defence, but when used from a Mobile App to talk with an API it can be defeated, as explained in this article.
Although HMAC can be defeated, it is better to use it with the JWT token than to use only an API key or basic authentication.
For more techniques in defending your API please check this series of articles written by some of my colleagues at work.
Without reading the article, I have to say that I'm skeptical basic authentication is somehow more secure than HMAC. But I am not an expert in matters of security. I will add the referenced article to my reading list. Thanks for the share!
Sorry, but I have not said that basic authentication is better than HMAC. I was trying to say that although HMAC can be defeated, it is better to use HMAC than basic authentication... I will edit my reply to make it clear.
My apologies for the misunderstanding!
I am glad you pointed it out, because after I read it again I have to admit that it was confusing.
Thanks