Prototypically, Tesco’s innovation leader Nick Landsley is taking a proactive step with the deployment of their development interface.
A couple of weeks ago he declared in his blog (“Tesco API will be adopting 'OAuth' standard”) his concerns on API security: How is it possible to avoid that third parties get access to customer login data?
"The Tesco.com API will be adopting the 'OAuth Core 1.0 Revision A' standard for third-party web access to customer accounts.
OAuth, short for 'Open Authorization', is an open protocol to allow secure API authorisation in a simple and standard method from desktop and web applications.
Why is this good? Quite simply, customers will not have to give third party web sites their Tesco.com grocery login email address and password in order for that web site to have access to that customer's product range and basket.
Instead, customers will give permission using a 'key' linked to their account. The key can be withdrawn at any time without the customer having to reset their password."
OAuth, short for 'Open Authorization', is an open protocol to allow secure API authorisation in a simple and standard method from desktop and web applications.
Why is this good? Quite simply, customers will not have to give third party web sites their Tesco.com grocery login email address and password in order for that web site to have access to that customer's product range and basket.
Instead, customers will give permission using a 'key' linked to their account. The key can be withdrawn at any time without the customer having to reset their password."
The task to make the use of “OAuth” palatable for users shouldn’t be underestimated.
Tesco is one of the first of the large and established retailers who is opening up an API for external developers. The beta version of the API should be available soon.
Originally posted in German by Jochen Krisch, adapted for excitingcommerce.com by Jason Soo.
Comments