“You gotta talk the talk before you can walk the walk”
A key factor in your success as a Product Manager is the ability to insert yourself into any department in your organization and eloquently communicate your thought processes. Time and time again, we have found that a major hindrance to a PM's ability to do their job well is being unable to speak properly with their engineering team in particular. We've spent long hours curating a list of terms for our Kloudless SaaS Integration Glossary, and we believe that product managers everywhere can benefit from this extensive vocabulary list.
So, for the sake of helping you get on the same page as the people you work closely with, we are glad to announce our new monthly blog post, Step Your Vocab Up.
On the last Wednesday of each month, we will do our best to help you expand your vocabulary on different aspects of software development to aid in becoming the best Product Manager you can be. Some of the upcoming topics we’ll cover will be authentication, API architecture, events, and agile methodology.
So sit back, grab a comfy seat, and let’s jump into the first edition of our new series with a dive into all things authentication!
Don’t Hate. Authenticate!
Authentication is pretty much non-negotiable in web applications these days. Every day, over 6,000,000 data records are lost or stolen in data breaches, and bad actors constantly step up their pursuit of these records. We all keep sensitive data online, and the applications tasked with storing it are held to an ever higher standard when it comes to keeping it safe. As a result, most sites and services employ some form of authentication to verify a user's identity before allowing them access to their private data.
When building out your product, your team of developers will inevitably be entrusted with implementing a level of security that is up to the task. Learning the following terms will ensure that you will be able to keep up when the discussion of authentication in your application begins.
The last thing you want is to sit down with your dev team and constantly be confused by the terminology getting thrown around. So let’s talk about some of the major authentication terms and clear up their meanings and responsibilities.
Access Token – An access token is a credential that a client presents to an API to prove it has been authorized to act on a protected resource. It may be an opaque string that only the issuing server can interpret, or a self-contained JSON Web Token (JWT) that the API can validate on its own. Either way, it tells the API that its holder has been granted access, limited to the actions covered by the scope that was approved. Access tokens are the core credential of the OAuth 2.0 authorization framework. They are typically short-lived; when the authorization server also issues a refresh token, the client uses it to obtain a new access token once the old one expires rather than sending the user back through the login flow.
Bearer Token – A bearer token is an access token (see above) that grants access to whoever presents it: nothing beyond sending the token itself, normally in the HTTP header Authorization: Bearer <token>, is required. When a user authorizes an application, the authorization server runs one of the OAuth 2.0 grant flows, verifies the user's identity and consent, and returns a bearer token the application then uses to make API requests on the user's behalf. Because possession alone is sufficient, a bearer token must be treated as a secret: generated with enough randomness (or signed) to be unguessable, sent only over TLS, and never logged or placed in URLs.
Refresh Token – A refresh token is a longer-lived credential that lets an application obtain a new access token from the authorization server without asking the user to log in again. When an access token expires, the client exchanges the refresh token for a fresh access token (and often a fresh refresh token) and carries on accessing the secured resource. Access continues this way until the refresh token expires or the authorization server revokes it, for example when the user logs out, changes their password, or withdraws consent; at that point the user must re-authenticate.
API Key – The API Key allows you to make authorized requests to any account connected to your application. It is therefore not recommended to use API Keys for purposes other than development and testing unless you take precautions to ensure that your app's users cannot access each other's data. With Kloudless, one way to do this is to create a new Kloudless Application programmatically for each user via the Meta API; only that user's accounts are then accessible via that application. Because an API Key carries this much authority, keep it on your own servers and out of browser or mobile code that users can inspect. Kloudless also documents the authentication schemes used by popular cloud apps.
Header – Headers are the metadata sent before the body of an HTTP request or response. Request headers tell the server how to interpret what follows: the content type of the body, the credentials carried in the Authorization header (for example Authorization: Bearer <token>), and any other information needed to process the request.
OAuth – OAuth (Open Authorization) is an open standard authorization framework. It lets an end user grant an application access to resources held by another service on their behalf without sharing their password with that application: the user authenticates with the service directly, and the application receives a token scoped to what the user approved.
OAuth 2.0 – OAuth 2.0 is the current, widely implemented version of the framework. It defines how an application obtains a short-lived access token (and optionally a refresh token) from an authorization server and presents it to a resource server, so applications can interact on a user's behalf without ever handling the user's password. OAuth 2.0 on its own is about authorization, not authentication: it tells a service what the application may do, not who the user is. Proving the user's identity to an application is the job of OpenID Connect, a thin identity layer built on top of OAuth 2.0.
White Label – White label refers to the process in which a product or service produced by one company is rebranded to make it appear as if another company had made it. Kloudless allows its UI tools to be easily white-labeled, leaving end users of applications built on Kloudless unaware of Kloudless' role in the API authentication process.
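The Access Token, Bearer Token, Refresh Token, Header and OAuth 2.0 entries above describe a single lifecycle: a token is issued, carried in the Authorization header, expires, is refreshed, and is eventually revoked. The Python below is an added example written for this article, not Kloudless code or any library's API; it models that lifecycle end to end with an in-memory authorization server and resource server. The Authorization: Bearer header and the token-response field names follow RFC 6749 and RFC 6750; the class and method names, the one-hour lifetime, the files:read scope and the dictionary-backed token stores are assumptions made for the example.

```python
# Added example for this article, not Kloudless code: an in-memory model of how an
# access token, the Authorization: Bearer header and a refresh token work together.
# Wire shapes follow RFC 6749/6750; class and method names, lifetimes, scopes and the
# dict-backed stores are assumptions made for the example.
import hashlib
import secrets

def _digest(token: str) -> str:
    # Store only a hash of each token so a leaked token store is not a set of live credentials.
    return hashlib.sha256(token.encode()).hexdigest()

class AuthorizationServer:
    """Issues short-lived bearer access tokens plus single-use refresh tokens."""

    def __init__(self, access_ttl: int = 3600):
        self.access_ttl = access_ttl
        self._access = {}   # sha256(access_token) -> {"sub", "scope", "exp"}
        self._refresh = {}  # sha256(refresh_token) -> {"sub", "scope"}

    def issue(self, sub: str, scope: set, now: int) -> dict:
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self._access[_digest(access)] = {"sub": sub, "scope": set(scope), "exp": now + self.access_ttl}
        self._refresh[_digest(refresh)] = {"sub": sub, "scope": set(scope)}
        # Field names are those of an RFC 6749 token endpoint response.
        return {"access_token": access, "token_type": "Bearer", "expires_in": self.access_ttl,
                "refresh_token": refresh, "scope": " ".join(sorted(scope))}

    def refresh(self, refresh_token: str, now: int) -> dict:
        # Rotation: a refresh token is consumed on use, so a stolen copy replayed later fails.
        grant = self._refresh.pop(_digest(refresh_token), None)
        if grant is None:
            raise PermissionError("invalid_grant")
        return self.issue(grant["sub"], grant["scope"], now)

    def revoke(self, refresh_token: str) -> None:
        # On logout or password change; outstanding access tokens simply age out.
        self._refresh.pop(_digest(refresh_token), None)

    def introspect(self, access_token: str, now: int):
        rec = self._access.get(_digest(access_token))
        return None if rec is None or rec["exp"] <= now else rec

class ResourceServer:
    """Protects an API: checks the bearer header, then expiry, then scope."""

    def __init__(self, authz: AuthorizationServer):
        self.authz = authz

    def handle(self, headers: dict, required_scope: str, now: int):
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme != "Bearer" or not token:
            return 401, {"error": "invalid_request"}     # no usable credential sent
        rec = self.authz.introspect(token, now)
        if rec is None:
            return 401, {"error": "invalid_token"}       # unknown or expired
        if required_scope not in rec["scope"]:
            return 403, {"error": "insufficient_scope"}  # valid token, action not granted
        return 200, {"owner": rec["sub"]}

def bearer(tokens: dict) -> dict:
    # The access token travels in the Authorization header of every API request.
    return {"Authorization": f"Bearer {tokens['access_token']}"}

def call_with_refresh(tokens: dict, rs: ResourceServer, authz: AuthorizationServer, scope: str, now: int):
    """Client side: try the access token; on 401 exchange the refresh token once and retry."""
    status, body = rs.handle(bearer(tokens), scope, now)
    if status == 401 and tokens.get("refresh_token"):
        try:
            tokens.update(authz.refresh(tokens["refresh_token"], now))
        except PermissionError:
            return 401, {"error": "invalid_grant", "action": "send the user back through login"}
        status, body = rs.handle(bearer(tokens), scope, now)
    return status, body

def demo() -> dict:
    """Walks one token lifecycle; returns the HTTP status (or error) seen at each step."""
    authz, results = AuthorizationServer(access_ttl=3600), {}
    rs = ResourceServer(authz)
    t0 = 1_700_000_000                               # constructed clock, in seconds
    tokens = authz.issue("user-42", {"files:read"}, t0)
    first_refresh = tokens["refresh_token"]
    results["no_header"] = rs.handle({}, "files:read", t0)[0]
    results["fresh"] = rs.handle(bearer(tokens), "files:read", t0)[0]
    results["wrong_scope"] = rs.handle(bearer(tokens), "files:write", t0)[0]
    later = t0 + 3600                                # the access token has just expired
    results["expired"] = rs.handle(bearer(tokens), "files:read", later)[0]
    results["after_refresh"] = call_with_refresh(tokens, rs, authz, "files:read", later)[0]
    try:                                             # replay the rotated-out refresh token
        authz.refresh(first_refresh, later)
        results["reused_refresh"] = "accepted"
    except PermissionError as exc:
        results["reused_refresh"] = str(exc)
    authz.revoke(tokens["refresh_token"])            # the user logs out
    results["after_revoke"] = call_with_refresh(tokens, rs, authz, "files:read", later + 7200)[0]
    return results
```

Running demo() walks through every state in the glossary entries: a missing or expired bearer token is a 401 (the client is not credentialed), a valid token without the needed scope is a 403 (credentialed but not authorized), the refresh token silently renews access, a replayed refresh token is rejected because each one is single use, and once the refresh token is revoked the only way forward is a new login. Two details worth asking your engineers about are visible here too: the server stores hashes of tokens rather than the tokens themselves, and it rotates refresh tokens on every use.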
While this should clear up some of the more popular terms, by no means is this everything you need to know in order to understand how your application will tackle authentication. We suggest you dive deeper into each term outlined in this article and research popular opinions on the implementation of each. The more you learn about these important terms, the better off you will be when it comes to orchestrating the building of your product.
We’re not done yet, though! We’ve put together a comprehensive list of over 300 terms in our new SaaS Integration Glossary for the sake of keeping you as informed as possible on everything integration related. Head over now to start beefing up your vocabulary!