We are evaluating security risks for our new bitcoin network. My sense is that the API calls are a real weak point. I don't see alternatives to Oauth2 and/or API keys.
Have others evaluated the relative risks for different protocols? I'm curious if it makes sense to be more imaginative in our API security or whether there are other API security approaches that have been considered in the community.
I'm looking over places like:
https://developers.coinbase.com/api/v2https://www.luno.com/en/apihttps://spectrocoin.com/en/integration/spectrocoin.html#/introduction/overview In searching the bitcointalk archives, there doesn't seem to have been an extensive discussion of this issue. Is there a reason not to look more carefully at the entrance/exit of information from the network?
