Microsoft has introduced a new Publish API for developing extensions for its Edge web browser. It is intended to provide functions for increased security and is currently available as an option.
Advertisement
The latest from Google: Mobile phones will ‘change’ when it’s hot or coldThis innovation comes as part of the Microsoft Secure Future Initiative (SFI). The SFI is in existence since November 2023 with the aim of reducing or preventing IT security incidents.
Four new security features
As Microsoft explains in a blog entry, the Publish API brings four fundamental changes. First, the secrets are now API keys: using the Publish API, API keys are automatically generated by Microsoft’s backend services, so that they, like ClientIDs, are regenerated for each developer and hence security is increased because static Access data is no longer needed. Second, API key management is changing: only hashes of API keys are created and deleted in the database, so sensitive information is not stored directly.
Third, the Publish API does not require sending an access token URL, but instead generates the URL internally – reducing the risk of sensitive information being exposed. Microsoft says this may require updating the CI/CD pipeline configuration. And finally, the fourth innovation the Publish API introduces is that the API key expires after 72 days. Earlier this period was two years. Developers should be regularly warned by email about API key expiration.
Opt-in to Publish API
Developers who want to use the Publish API can do so in the Partner Center. The new API can be activated there as an opt-in feature on a voluntary basis. The ClientID and secrets must then be regenerated, resulting in an updated authentication workflow. CI/CD pipelines must be configured if they are affected by changes to the access token URL and API key.
Due to increased security, extension developers are encouraged to switch to the new API as soon as possible. More information Can be found in the Microsoft Edge blog,
(May)
Google’s secure coding strategy promises investment safety and security
