APIsex: API security for elixir

Hi all,

I’m releasing version 0.1.0 of APISex libraries. These are libraries for API access control.

6 plugs are ready to use:

When dealing with API access control I think you have 2 cases:

  • You consume your APIs from the web page javascript
    • In this case using cookies for API access control does the job
  • Your APIs are consumed by websites on other domains (cookies aren’t shared between different domains), third-parties (OpenAPI or information exchange with partners (machine-to-machine)) or mobile applications
    • Here you cannot use cookies (except using ugly and dangerous hacks) and APISex plugs may help you use a protocol designed for that

Any comment, review, question is welcome.

Have a great weekend !

4 Likes

Alright I’m going to say it: your library is a great idea but not so sure about the name. Whenever I look at it I think “API Sex” and quite possibly reminds me of a scene from the movie “A.I.”

5 Likes

I agree about the name. Whenever releasing something that might be used by others, or those in a professional environment, it’s best to stick to clean/neutral language :slight_smile:

What about APIsec? :smiley:

11 Likes

What’s wrong with Sex?
It´s Sex between APIs, that’s why there are so many APIs around :wink:

7 Likes

or APImate xd I coudn’t concentrate on the code if I saw the word sex so many times haha

2 Likes

I don’t know. I quite like the name. :yum:

1 Like

All slightly incompatible because of mutational drift, of course.

3 Likes

I’d probably rename this…

3 Likes

Hi there,
thanks for creating an OSS library sharing it with everyone!

As many others said I’d be happy about a rename of the project. It’s a level of name where I’d be uncomfortable having it anywhere in my dependencies.

4 Likes

Yes, I think I would be a little uncomfortable trying to talk about this library in a serious business meeting with a client or colleague.

4 Likes

Hmm, I think those APIs should probably use some protection.
…now if only there was a package for that…

1 Like

When choosing a name for your library, please consider search engines. There is a package I quite like called “assertions”. Try to google “elixir assertions”, no chance you will find it o the first 3 google pages. “API sex”, I don’t want to have in my search history to be honest. Avoid words like “sex” “boob” “cock” “dick” or anything along that line if you want your library to be used.

Edit: to clearify, I don’t have a problem with porn, sex, homosexual intercourse, dickpicks or anything someone might bring up. I just do not want to use the keyword “sex” in the search engine I use for work. Because that will lead to other things showing up when I search for api. Or sex. Don’t judge me.

4 Likes

If i as an employer Chose this library and some intern or woke person would see this. I`d be having focus on something else than getting work done. Also I’d second this Ningi’s comment as people do get fired for this. Also, some programmers have wife’s that are not technical :wink:

And just to point out , you haven’t gotten a single serious reply on what you were asking for. The code, the library itself.

1 Like

The consensus seems to be: please change the name. Make it APIXex, that would be my preference. Can be read X as in cross and ex same as elixir extension. And, it can be read as sex still.

You really should change your library name…

What about Happy instead of API? :slight_smile:

3 Likes

HAPPYsex…?

but seriously, there are far too many people getting offended at the possibility of someone else finding the name offensive. There’s another thread about why people are leaving Elixir and the community of SJWs and virtue signallers is high up on my list.

Will change to something more neutral like APISec as suggested!

Also this is part of a bigger project I’m working on and as far as I seen few people use external OAuth2 servers, so I published that just in case it’d be useful to someone out there but there already are plugs for 99% of common use-cases (cookie-based, JWT based, etc.). So lesson learned: not being to playful with lib names :wink:

Also, I remember talking to architects about API Gateways and they actually quite often ended up having an instance of the API Gateway installed on each API instance, especially in micro-service / docker deployment contexts. And these API gateway instances mainly did security stuff (also cache and SLA management). So I’m wondering if on Erlang/Elixir stack API Gateways are needed at all.

4 Likes

Fantastic - thanks @tangui :023:

Feel free to post a new thread thread in this section for it when you’ve changed it :lol:

I hope You don’t believe I am offended :slight_smile:

Offended virtue signalling people offend me says person virtue signalling on forum.

2 Likes