The present disclosure relates to security and, more specifically, to authentication techniques for API-based endpoints.
Effective authentication methods are necessary to protect against fraudulent transactions. When a human user initiates a transaction, existing systems have methods for authenticating the user. For example, existing systems may require the user to provide (i) information only the user knows (e.g., a password), (ii) something only the user has (e.g., an ATM card), or (iii) something only the user is (e.g., a fingerprint). Such systems may then verify the identity of the user by comparing the user's provided information against verified information.
Problems, however, may arise when a transaction is initiated by an application instead of a human user. Many, if not all, user authentication methods, although effective against human imposters, are ineffective against API-based endpoints such as applications. Thus, if an imposter impersonates a requesting application or injects a third-party application into a transaction, then the imposter may be able to evade existing authentication methods. Accordingly, new methods must be developed to protect against malicious activity that comes from an API-based endpoint.