Cautions when building service APIs

    Available in Classic and VPC

    This section guides you through the cautions to be aware of when building services using APIs provided by B2B PRISM Live Studio.

    API security

    This section describes security considerations to be aware of when building services using APIs.

    Importance of SSL authentication

    Secure Sockets Layer (SSL) authentication ensures secure communication between service providers and users.

    • Data protection: data transferred through SSL is encrypted, ensuring safety from external intruders.
    • Data integrity: prevents data from being tampered with or damaged during transfer.
    • Authentication: verifies that users are communicating with the intended service.

    Importance of OAuth 2.0 authentication system

    OAuth 2.0 authentication effectively manages user permissions and enables secure data sharing with external services.

    • Improved user experience: users can access services without a separate signup.
    • Authorization and management: allows you to securely regulate access and management of user data by finely segmenting permissions.
    • Enhanced security: enhances security by not directly sharing user authentication information with external services.

    Problems that may arise from security issues

    If you do not pay attention to security considerations when building a service, the following problems may occur:

    • Data leakage: when SSL is not applied, sensitive user information may be exposed through a man-in-the-middle attack.
    • Data tampering: unencrypted connections are at risk of data tampering.
    • Permission ignored: when OAuth 2.0 is not built, data access through APIs is not controlled, resulting in the risk of exposing sensitive information.

    Service API rate limit

    This section describes the cautions regarding API rate limit to be aware of when building services using APIs.

    Provide minimum API rate limit

    Cautions related to the minimum API rate limit are as follows:

    • B2B PRISM Live Studio calls 15 to 30 APIs per minute for each live, and the detailed call volume varies depending on the selected features.
    • The number of service APIs called by the service is proportional to the number of channels simultaneously conducting live broadcasts in the service. For example, when live streaming is being conducted simultaneously on 1000 channels, 15,000 to 30,000 calls occur per minute.

    Maximum API rate limit

    Cautions related to the maximum API rate limit are as follows:

    • Services exposed to the external environment without API rate limits are highly vulnerable to predictable attacks such as DDoS.
    • Such services face instability, along with the risk of personal data theft.
    • If a service becomes unstable due to excessive API calls, you can temporarily disable the service for the overall stability of the service.

    Maximum API response time

    Cautions related to the maximum API response time are as follows:

    • The recommended response time for service APIs is within 1 second, and it must not exceed 2 seconds.
    • If the response time of the service API exceeds 2 seconds, API timeout may occur, leading to a Go live failure or a failure in providing the streamer with broadcast status or statistics information.
    • If a response time exceeding 2 seconds persists, B2B PRISM Live Studio may consider the service's status as an outage and may temporarily disable the service for the overall stability of the service.
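
The rate-limit and response-time figures above can be checked in code. The following is an added example, not code from B2B PRISM Live Studio: a token-bucket limiter that enforces a maximum rate but refuses to be configured below the legitimate peak of 30 calls per minute per live, plus a latency check against the 1-second and 2-second thresholds. The names `ServiceApiLimiter`, `expected_calls_per_minute` and `classify_response_time`, and the choice to reject over-limit calls, are assumptions.

```python
import time

# Figures stated on the page: PRISM Live Studio makes 15-30 calls/min per live;
# responses should take <= 1 s and must not exceed 2 s.
CALLS_PER_LIVE_MIN, CALLS_PER_LIVE_MAX = 15, 30
RECOMMENDED_SECONDS, HARD_LIMIT_SECONDS = 1.0, 2.0


def expected_calls_per_minute(concurrent_lives):
    """Range of legitimate PRISM traffic for this many simultaneous lives."""
    return (CALLS_PER_LIVE_MIN * concurrent_lives,
            CALLS_PER_LIVE_MAX * concurrent_lives)


class ServiceApiLimiter:
    """Token bucket that caps calls/min but refuses a cap below PRISM's peak."""

    def __init__(self, max_per_minute, concurrent_lives, clock=time.monotonic):
        floor = expected_calls_per_minute(concurrent_lives)[1]
        if max_per_minute < floor:
            raise ValueError(
                f"cap {max_per_minute}/min is below legitimate peak {floor}/min")
        self.capacity = float(max_per_minute)
        self.refill_per_second = max_per_minute / 60.0
        self.tokens = self.capacity          # start with a full bucket
        self.clock = clock                   # injectable for deterministic tests
        self.last = clock()

    def allow(self):
        """Return True if the call fits the budget, False if it should be rejected."""
        now = self.clock()
        self.tokens = min(self.capacity,
                          self.tokens + (now - self.last) * self.refill_per_second)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def classify_response_time(seconds):
    """Map a measured handler latency onto the page's 1 s / 2 s thresholds."""
    if seconds <= RECOMMENDED_SECONDS:
        return "ok"
    if seconds <= HARD_LIMIT_SECONDS:
        return "slow"
    return "timeout-risk"
```

Size `concurrent_lives` from the peak number of channels expected to broadcast at once, and alert on `"slow"` before latency reaches the `"timeout-risk"` range.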

    Issues that may arise from API failure

    In case of a service API failure, streamers may encounter the following problems:

    • Go live failed
      • The broadcast may not start as scheduled because of API call problems, which may result from server response delays or data transfer errors.
    • Abnormal broadcast termination
      • A broadcast may unavoidably be terminated even while it is in progress. It may result from data packet loss or connection disruptions.
    • Service disabled when prolonged service outage detected
      • If an API-related outage is consistently detected for hours, the service may be disabled temporarily for the stability and quality of the service.
