How to make the use of Video APIs secure

Robert Strobl
April 6, 2022

From saving costs to significantly reducing development efforts, APIs are currently one of the best ways to incentivize digital innovation and transformation.

In fact, 56% of developers report APIs helped them develop better products by creating business value (36%), integrating systems (40%), and accelerating innovation (52%).

With video conferencing tools becoming widely popular during the pandemic, video APIs (Application Programming Interfaces) have been critical in developing communication platforms during one of the biggest remote work shifts.

Video APIs in fact...

  • are easy to scale thanks to pre-built features
  • remove the need to purchase and sustain complex server architectures
  • allow rapid service launches by cutting months of initial development

However, it’s also important to keep in mind that an API’s ability to access data and critical components can be a double-edged sword.

According to Big Compass, around 50% of organizations experience between 10 and 50 API attacks a month, while at least 91% of businesses experienced at least one security incident last year.

Protection concerns have arisen, especially for video APIs, as they are widely used in the telemedicine, finance, and education sectors, where sensitive information and classified data need to meet the highest security standards.

According to George Waller, co-founder of the security company Strikeforce: “You cannot just throw a cyber security band-aid at a poorly designed video conferencing platform and expect it to work.”

That’s why, when integrating real-time communication into an app or service, you need to make sure you are taking the right security precautions. 

The most common video API threats involve:

  • encryption protocols
  • authorization and authentication workflows
  • vulnerable devices including laptops, phones, tablets
  • incorrect API usage
  • no API behaviour data analysis (e.g. discovering anomalies that could lead to a breach)

Encryption

Security starts with the HTTP connection itself. RESTful, or simply REST, is the most common type of API. This kind of application programming interface allows clients and servers to interact with a variety of web resources.

Secure REST APIs should only expose HTTPS endpoints, which ensures that all API communication is encrypted using SSL/TLS. This allows clients to authenticate the service and protect their credentials. 

WebRTC

When it comes to video APIs, using WebRTC guarantees an extra layer of security and protection for sensitive data transmission. The IETF mandates encryption and security standards for all WebRTC communications. In fact, establishing an unencrypted connection is prohibited.

WebRTC uses two standardized encryption protocols. Data channels are encrypted using Datagram Transport Layer Security (DTLS), while media uses the Secure Real-time Transport Protocol (SRTP). WebRTC is a peer-to-peer protocol; however, when the connection has to be established through a TURN server, the WebRTC standard specifies that there is no processing or storage of media (video, voice or file sharing) on that server.
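The DTLS and SRTP requirement is visible in the session description (SDP) that WebRTC peers exchange, so it can be checked. The following is an added example, not code from Samba Live: it audits an SDP for media or data sections that are not keyed over DTLS. The transport profile names come from the SDP/WebRTC specifications rather than from this article, and both sample SDPs are constructed.

```python
# Transport profiles that imply DTLS keying (names from the SDP/WebRTC specs).
DTLS_PROFILES = {"UDP/TLS/RTP/SAVPF", "TCP/DTLS/RTP/SAVPF",   # media: DTLS-SRTP
                 "UDP/DTLS/SCTP", "TCP/DTLS/SCTP"}            # data channels

# Constructed session descriptions, not captured from a real call.
GOOD_SDP = """v=0
o=- 1 2 IN IP4 127.0.0.1
s=-
t=0 0
a=fingerprint:sha-256 00:11:22:33 (constructed, truncated)
m=audio 9 UDP/TLS/RTP/SAVPF 111
m=application 9 UDP/DTLS/SCTP webrtc-datachannel
"""
BAD_SDP = """v=0
o=- 1 2 IN IP4 127.0.0.1
s=-
t=0 0
m=audio 49170 RTP/AVP 0
m=video 9 UDP/TLS/RTP/SAVPF 96
a=fingerprint:sha-256 00:11:22:33 (constructed, truncated)
"""

def audit_sdp(sdp):
    """Return (section index, media kind, problem) for every m= section lacking DTLS."""
    sections, session_fp, findings = [], False, []
    for line in (raw.strip() for raw in sdp.splitlines()):
        if line.startswith("m="):
            fields = line[2:].split()
            proto = fields[2] if len(fields) > 2 else "<malformed>"
            sections.append({"kind": fields[0] if fields else "?", "proto": proto, "fp": False})
        elif line.startswith("a=fingerprint:"):
            if sections:
                sections[-1]["fp"] = True      # media-level fingerprint
            else:
                session_fp = True              # session-level, applies to all sections
    for i, s in enumerate(sections):
        if s["proto"] not in DTLS_PROFILES:
            findings.append((i, s["kind"], "transport %s is not a DTLS profile" % s["proto"]))
        if not (s["fp"] or session_fp):
            findings.append((i, s["kind"], "no DTLS certificate fingerprint"))
    return findings
```

Plain `RTP/AVP` is unencrypted RTP, so a gateway or recording bridge that emits it is the kind of component this check is meant to surface.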

Authentication

Security at the API level requires that only permitted clients can access privileges and execute the operations granted to them. When it comes to cyberattacks, authentication and authorization are among the first lines of defence. Even if the terms are frequently used interchangeably, they actually refer to two separate protection processes:

  • Authentication is the act of validating that users are who they claim to be.
  • Authorization is the process of giving the user permission to access a specific function or resource (application, file, and data). This set of privileges should be set to a minimum. 

While most API developers will add a global authentication scheme, authorization can be an area developers sometimes overlook. In order to prevent abuse and protect sensitive data, both authentication and authorization security mechanisms need to be implemented. It’s important to keep in mind that the API keys and additional credentials need to be stored and kept private.
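The sketch below is an added example (not Samba Live's API) that keeps the two checks separate: a signed, expiring token answers "who is calling", and a per-operation scope lookup answers "may they do this in this room". The operation names, scope strings, role map and `VIDEO_API_SECRET` variable are hypothetical.

```python
import base64, hashlib, hmac, json, os, time

# Constructed demo key; in production load it from a secret store, never from source.
API_SECRET = os.environ.get("VIDEO_API_SECRET", "constructed-demo-key").encode()

# Hypothetical operation -> scope map; each role gets only the scopes it needs.
REQUIRED_SCOPE = {"join_room": "room:join", "share_screen": "room:share",
                  "kick_participant": "room:moderate"}
ROLE_SCOPES = {"attendee": ["room:join"],
               "presenter": ["room:join", "room:share"],
               "moderator": ["room:join", "room:share", "room:moderate"]}

def sign(payload: bytes) -> str:
    mac = hmac.new(API_SECRET, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_token(user, role, room_id, ttl=300, now=None):
    issued = int(now if now is not None else time.time())
    claims = {"sub": user, "room": room_id,
              "scopes": ROLE_SCOPES[role], "exp": issued + ttl}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return payload.decode() + "." + sign(payload)

def authenticate(token, now=None):
    """Authentication: is the token genuine and unexpired? Returns claims or None."""
    try:
        payload, sig = token.split(".")
        if not hmac.compare_digest(sig, sign(payload.encode())):  # constant-time
            return None
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, TypeError):
        return None
    if claims["exp"] <= (now if now is not None else time.time()):
        return None
    return claims

def authorize(claims, operation, room_id):
    """Authorization: may this authenticated caller run this operation here?"""
    needed = REQUIRED_SCOPE.get(operation)        # unknown operations are denied
    return (needed is not None and claims["room"] == room_id
            and needed in claims["scopes"])

def handle(token, operation, room_id, now=None):
    claims = authenticate(token, now)
    if claims is None:
        return 401                                # not authenticated
    return 200 if authorize(claims, operation, room_id) else 403
```

A global authentication check alone would return 200 for every call made with a valid attendee token; the 403 path is the part that is easy to overlook.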

Implementing additional security best practices

Even if less convenient, utilizing unique session IDs can lead to an increased security level for video communication. The same goes for unique passwords. Prior to the start of the meeting, hosts should let in only individuals they can identify.

It’s essential for moderators to possess the power to limit the number of participants and force disconnect attendees. Limiting the ability to screen share is an additional step moderators can take to protect confidential documents.
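The controls in this section can be modelled server-side as follows. This is an added example, not Samba Live code; the `MeetingRoom` class and its method names are hypothetical. It shows a fresh unguessable session ID per meeting, a per-meeting password, a lobby the host admits from, a participant cap, host-only force disconnect and a screen-share allow-list.

```python
import hashlib, hmac, secrets

class MeetingRoom:
    def __init__(self, host, password, max_participants=10):
        self.session_id = secrets.token_urlsafe(16)   # fresh 128-bit ID per meeting
        self._salt = secrets.token_bytes(16)
        self._pw = self._hash(password)               # keep a salted hash, not the password
        self.host, self.max_participants = host, max_participants
        self.lobby, self.participants, self.sharers = set(), {host}, {host}

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def request_join(self, user, session_id, password):
        """A correct ID and password only reach the lobby, not the meeting."""
        ok_id = hmac.compare_digest(session_id.encode(), self.session_id.encode())
        ok_pw = hmac.compare_digest(self._hash(password), self._pw)
        if not (ok_id and ok_pw):
            return "rejected"
        self.lobby.add(user)
        return "waiting"

    def admit(self, actor, user):
        """Host lets in a waiting user they recognise, up to the participant limit."""
        if actor != self.host or user not in self.lobby:
            return False
        if len(self.participants) >= self.max_participants:
            return False
        self.lobby.discard(user)
        self.participants.add(user)
        return True

    def allow_share(self, actor, user):
        """Screen sharing is off by default; only the host can grant it."""
        if actor == self.host and user in self.participants:
            self.sharers.add(user)
            return True
        return False

    def kick(self, actor, user):
        """Force disconnect: host only, and the host cannot be removed."""
        if actor != self.host or user == self.host or user not in self.participants:
            return False
        self.participants.discard(user)
        self.sharers.discard(user)                    # revoke sharing with membership
        return True

    def may_share(self, user):
        return user in self.sharers
```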

Conclusion

In an increasingly virtual world, enterprises need to know their services are built with security in mind. Strong encryption, authentication & authorization, combined with privacy controls should be core functionality in every video engine such as Samba Live. Talk to our product specialists to find out how Samba Live can support you in reaching your business goals while ensuring top-grade security.
