In real word context, there may be requirements to integrate external ( 3rd party ) mobile apps in to the principle app. The principle app basically facilitates with providing the customer base including it's own feature set. See the Figure 1
Figure 1 - 3rd Party integrations of mobile apps under one hood.
Identification of Information flow of such integration is very crucial. Token based authentication can be used in such integration. The Auth token is based on encrypted mobile no or email account or user account and the token generation time. See the Figure 2
Key considerations during the implementation.
1. Proposed token based authentication only for the 3rd party app servers not for the parent app's customer authentication. Customer authentication of parent app is it's own responsibility.
2. Use the session storage of Parent App's to pass the auth token to 3rd party Web-UI / Native UI
3. Stateless Token generation based on same encryption key deployed among all auth server nodes.
4. API security assessment and vulnerability assessment by internal and external audit teams.
5. Align with Government regulations and Central bank regulations.
6. Load testing and rate limiters.
7. HTTPS based integrations
8. IP whitelisting to avoid unauthorized calls.
9. API Gateway based integration among services.
10. Parent App request the customer consent to share account details during authentication
Wynn Palace Fountain | Casino Review 2021 | CasinoBettor 카지노 가입 쿠폰 카지노 가입 쿠폰 제왕카지노 제왕카지노 메리트카지노 메리트카지노 109The Best Salsa Recipes | The Best Salsa Recipes
ReplyDelete