Bleeping Computer

Twitter is warning devs that API keys and tokens may have leaked

Twitter is emailing developers stating that their API keys, access tokens, and access token secrets may have been exposed in a browser's cache. In an email seen by BleepingComputer, Twitter explains ...
Dark Reading

Facebook Spam Botnet Promises 'Likes' for Access Tokens

Cyberattackers are using access tokens for legitimate Facebook apps as vehicles to spread spam on the apps' behalf. How do they do it? By tricking Facebook users into handing over their tokens in ...
Security Boulevard

API Keys vs. JWTs: Choosing the Right Auth Method for Your API

A developer needs to connect a service to an API. The documentation says to generate an API key, store it in an environment variable and pass it in a header. Five minutes later, the integration works.