APIs keep changing, and programming languages like PHP and frameworks like Laravel are shifting the paradigm of API consumption. We often dedicate a lot of time to crafting powerful APIs but overlook proper security measures. Setting up an authentication layer is, without a doubt, one of the most challenging yet necessary tasks within any web application. In this talk, we’ll look at proper ways to secure our PHP APIs with Decentralised Identity Tokens. We’ll go from learning what Decentralised Identity standards are, how users’ identities are self-sovereign by leveraging blockchain public-private key pairs, and why they’re the future of API security, to putting theory into practice by building a real-world implementation using PHP, where I’ll show common best practices.

What you'll learn from this talk:
- How to write efficient and highly scalable APIs in PHP.
- What a Decentralised Identity Token is
- How the user's identity is self-sovereign
- A better approach in making the Internet secure by not using passwords
- How to use blockchain public-private key pairs in user authentication

Comments

What I mostly learned from this talk is how the product Magic can be implemented and how it works. The security aspect and benefits of DID are taking a bit of a back seat. If the introduction of Magic had a higher priority then this is fine. If not, I would suggest changing it up a bit and skipping the demo of how you create an API and add Magic to it.

You show a lot of text and code in your slides and you pass through them rather quickly. I would suggest showing a bit less text and keeping them longer on screen.

Quick tip. A REST API is more than a simple CRUD. If you name it a JSON API you can prevent some misconceptions. But that is just a pet peeve of mine ;-)

Erwin Deckers at 14:46 on 18 Jun 2021

It felt more like an ad than a conf talk.

Sales talk

Mark Baker at 11:19 on 19 Jun 2021

Very much a sales pitch: and while the talk showed how to implement Magic, I didn't really get any understanding of why I should want to do so, what benefits it might give over other alternative approaches to authentication.
There was too much code on the slides, making them almost impossible to read; and most of the questions were answered simply by pointing people to the documentation, or white papers.

I'm still confused about the added value of Magic. I had hoped that we would go more in-depth and talk about the whole concept of decentralized tokens. It now felt more like a cheap sales pitch and hands-on implementing their solution.