Friday, 29 September 2023

API Integrations - Learning and early adaptations - An approach defined from Gartner

 API integrations, or Application Programming Interface integrations, involve connecting different software systems or applications to allow them to communicate and share data with each other. This enables the creation of more robust and feature-rich applications by leveraging the functionality of existing services and platforms. Here are some key points to consider when working with API integrations:

  1. Types of APIs:

    • RESTful APIs: Representational State Transfer APIs use HTTP requests to perform CRUD (Create, Read, Update, Delete) operations on resources, making them one of the most common types of APIs.
    • SOAP APIs: Simple Object Access Protocol APIs are protocol-based and use XML for communication. They are often used in enterprise-level integrations.
    • GraphQL APIs: This query language for APIs allows clients to request exactly the data they need, potentially reducing over-fetching or under-fetching of data.
    • Third-Party APIs: These are APIs provided by external services, such as social media platforms, payment gateways, or mapping services.
  2. Authentication and Authorization:

    • Most APIs require authentication to ensure that only authorized users or applications can access the data or services.
    • Common authentication methods include API keys, OAuth, and JWT (JSON Web Tokens).
  3. Rate Limiting:

    • Many APIs implement rate limiting to prevent abuse and ensure fair usage. Be aware of rate limits and handle rate-limiting errors gracefully in your integrations.
  4. Error Handling:

    • APIs can return errors for various reasons. It's important to have robust error-handling mechanisms in place to handle and log errors gracefully.
  5. Data Format:

    • APIs often use JSON or XML for data interchange. Ensure that your integration can parse and format data in the required format.
  6. Documentation:

    • Thoroughly read and understand the API documentation provided by the service you're integrating with. It provides information on endpoints, request and response formats, and usage guidelines.
  7. Testing:

    • Test your API integration thoroughly in a development or staging environment before deploying it in a production setting.
  8. Security:

    • Implement security best practices, such as data encryption, to protect data exchanged through the API.
  9. Monitoring and Logging:

    • Set up monitoring and logging to track the performance and behavior of your API integrations. This helps in identifying issues and ensuring smooth operations.
  10. Versioning:

    • APIs can evolve over time. It's a good practice to specify the API version in your integration to prevent compatibility issues when the API provider releases updates.
  11. Compliance and Regulations:

    • Be aware of any legal or regulatory requirements related to data handling and privacy, especially when dealing with sensitive data.

API integrations are a powerful way to extend the functionality of your applications, but they also come with responsibilities. Proper planning, testing, and ongoing maintenance are essential to ensure the reliability and security of your integrations.
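
The points on authentication, rate limiting, error handling, logging and versioning above are easiest to see together in one client. The following is an added example, not code from the original post or from any particular API vendor; the `ApiClient` class, the injected `transport` callable and the scripted responses are all constructed here so the code runs offline.

```python
import json
import logging
import time

log = logging.getLogger("api_client")

class ApiError(Exception):
    """Non-retryable API failure (4xx other than 429, or retries exhausted)."""

class ApiClient:
    def __init__(self, transport, api_key, version="v1", max_retries=3, sleep=time.sleep):
        # transport(method, url, headers) -> (status, headers, body); injected so the
        # client can be exercised offline against a constructed fake (no real endpoint).
        self.transport, self.api_key, self.version = transport, api_key, version
        self.max_retries, self.sleep = max_retries, sleep

    def request(self, method, path):
        url = f"/{self.version}{path}"                      # pin the API version
        headers = {"Authorization": f"Bearer {self.api_key}", "Accept": "application/json"}
        delay = 0.5
        for attempt in range(self.max_retries + 1):
            status, resp_headers, body = self.transport(method, url, headers)
            if 200 <= status < 300:
                return json.loads(body) if body else None
            if status == 429 or status >= 500:             # transient: retry with backoff
                if attempt == self.max_retries:
                    raise ApiError(f"{method} {url}: gave up after {attempt + 1} tries ({status})")
                wait = float(resp_headers.get("Retry-After", delay))  # server hint wins
                log.warning("%s %s -> %s, retrying in %.1fs", method, url, status, wait)
                self.sleep(wait)
                delay *= 2
                continue
            log.error("%s %s -> %s: %.200s", method, url, status, body)  # never log the key
            raise ApiError(f"{method} {url} returned {status}")

def make_fake_transport(responses):
    """Constructed stand-in for HTTP that replays scripted (status, headers, body) tuples."""
    queue = list(responses)
    def transport(method, url, headers):
        assert headers["Authorization"].startswith("Bearer ")
        return queue.pop(0)
    return transport

def demo():
    # Constructed script: rate-limited once, then a 503, then success.
    fake = make_fake_transport([(429, {"Retry-After": "2"}, b""), (503, {}, b""),
                                (200, {}, b'{"id": 7, "name": "widget"}')])
    waits = []
    client = ApiClient(fake, api_key="constructed-demo-key", sleep=waits.append)
    return client.request("GET", "/widgets/7"), waits
```

`demo()` returns the parsed body together with the delays the client waited, showing the `Retry-After` value (2 s) being honoured before the exponential default (1 s) kicks in for the 503.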


Wednesday, 27 September 2023

Digital Trust


What is Digital Trust?

  • Digital trust is the confidence users have in the ability of people, technology and processes to create a secure digital world. 
  • Digital trust is given to companies who have shown their users they can provide safety, privacy, security, reliability, and data ethics with their online programs or devices.


Today's Problem

  • Digitisation is constantly evolving and changing, yet is not implemented to the fullest
  • Some transactions involve a mixture of conventional and digital methods
  • Control is lost when data is online
  • Fear of frauds, hacks, loss, breach, and so on
  • Uncertainty due to lack of awareness 
  • Solution? 


Need of Digital Trust

  • Legal dependence on email or other digital documents
  • Make payments online, integrating bank accounts
  • Have reliable and auditable digital systems
  • Trust the online presence of unknown companies (remote working), restaurants and hotels for online bookings
  • Negotiate contracts online


Concepts of Digital Trust:


Technical Requirements

  • Unique Identity access management
  • Public Key Infrastructure (PKI) for digital certificates
  • Federated trust between organisations 
  • Trusted time-stamping service for digital signatures
  • e-assurance service provider
  • Archiving


Privacy 

  • Encryption 
  • Data collection justification - Ex.: "Not for marketing email", "Do not pass to 3rd parties", "For credit reference only", etc.
  • Data Retention & Disposal - Expiration date, deletion & purging
  • Digital signature by the original data issuer
  • Data Tagging - Define purposes to be marked in the record 
  • Consent and Disclaimers


DRM

  • Use the latest technology and applications to digitally manage and enforce digital trust
  • Reasonable prevention of printing, copying, forwarding etc. Ex: Aadhaar validation
  • Convergence of the technologies used for signing with DRM. Ex: DocuSign


Legislative Requirements

  • Governmental, Judicial and Law enforcement support
  • Framework for recognition of digital assurance services 
  • Pass laws and standards 
  • Monitor and Regulate



Building Digital Trust

Attributes of Digital Trust - An Example

  • System Rules, which govern the interactions between members 
  • A Legal Structure, which identifies the rights, responsibilities, and liabilities associated with participation in the federation, 
  • A way of Establishing Conformance across its members, and 
  • A way of Recognising that Conformance.


System Rules 

  • A fundamental purpose for building trust frameworks is to define the identity management operations and technical requirements needed to support the identity federation and to clearly assign responsibility for performing those operations. 
  • Since federation members expect and need to trust those identity management operations, the identity management operations of the federation are typically presented as requirements or rules. 
  • The federation members responsible for performing specific operations are expected to demonstrate conformance with the rule set specific to their role.


Legal Structure 

  • Trust frameworks present the operational and technical requirements for federated identity management, and must also provide the legal basis to bind those requirements to federation members. Identity federation members voluntarily agree to participate in the federation and follow the trust framework rules. 
  • While there are varying means to bind members to federation rules, the most straightforward and common method is through contract or agreement. 
  • Members become legally bound to the trust framework rules through signed agreements to comply with the operational and technical rules as well as the legal rules, rights, and obligations of federation members. 
  • Therefore, trust frameworks and associated member agreements form a contract-based legal structure which applies to all federation members. This legal obligation is critical for providing the assurance and trust for the federated identity system.



Establishing Conformance 

  • Establishing and enforcing conformance amongst its members to its set of agreements and operating rules is vital to an identity federation’s functioning. Conformance is the degree to which a federation member has implemented, and is adhering to, the rules of the federation. 
  • The amount of rigor, and therefore burden, an identity federation requires of its participants in demonstrating conformance to its trust framework should be commensurate with the degree of risk it is designed to address. 
  • Frameworks that accommodate different kinds of transactions, with differing amounts of risk, may choose to offer multiple levels of conformance based on a graduated set of rules and requirements. This gives a Federation Administrator options to consider when defining how conformance will be established amongst its members.


Recognising Conformance 

  • Conformance recognition is the process by which identity federations enable their participants to communicate alignment with the technical rules and legal stipulations of the framework. 
  • Recognition takes place only after completion of the selected conformance testing process. It is not enough for federation participants to simply establish their conformance; they must also be able to communicate that conformance to other federation members. 
  • In addition to establishing cross-boundary trust, enabling discovery of approved services and entities, and—in some cases—promoting a competitive service market, trust frameworks must also be able to support mechanisms for the communication and recognition of conformance. 
  • There are many ways this can be achieved, ranging in complexity from a simple registry or listing service, to trust marks and digital certificates. There are even emerging approaches that seek to express federation conformance through dynamic and machine-readable mechanisms to allow for real-time federation and inter-federation.



Summary

Digital trust can be built in a closed context, such as within an organisation.

It can also be built in an open context, where your system must co-exist with others, such as inter-organisational trust.

With the dynamically changing needs of the modern digitisation of daily lives, trust becomes an important factor.

The world has witnessed many breaches of trust in recent times.

Understanding digital trust is a good first step towards becoming more trustworthy in the digital world.
