1. Microsoft Edge has launched a revamped Publish API aimed at enhancing the security of extensions. This initiative introduces automatic API key generation, improved key management, and a shorter key expiration period, all designed to protect developers and their extensions. The opt-in process allows developers to transition smoothly to the new system.2.
Enhancing Security for Microsoft Edge Extensions
Microsoft is stepping up its game with the new Publish API for Edge extensions. This initiative aligns with the Microsoft Secure Future Initiative, aiming to bolster security and streamline the publishing process.
What’s New in the Publish API?
The new Publish API introduces several key enhancements that developers should be aware of. These changes are designed to improve security and make the management of API keys more efficient.
Enhanced API Key Generation
One significant change is the automatic generation of API keys. Instead of relying on static credentials, the new system regenerates ClientId and API Keys for every developer. This reduces the risk of credential compromise.
API Key Management Simplified
Developers will now create and delete hashes of API keys in the database, rather than managing secrets directly. This approach enhances security by ensuring sensitive information is not stored in plain sight.
Access Token URL Changes
The new API eliminates the need for sending an access token URL. Instead, the URL is generated internally, which minimizes the risk of exposing sensitive data. However, developers may need to update their CI/CD pipeline configurations to accommodate this change.
Major Updates to API Key Expiration
Another notable update is the expiration period for API keys. Keys will now expire every 72 days, a significant reduction from the previous two-year period. This change ensures more frequent key rotations, thus enhancing security.
“The security enhancements coming with the new Publish API will help protect your extensions and improve the security of the publishing process.”
What’s Important to Know
Transitioning to the new Publish API requires some adjustments in development workflows. Developers must opt-in to the new API key management experience in Partner Center. After opting in, they will need to regenerate their ClientId and secrets, which may require updates to authentication workflows.
Furthermore, any existing CI/CD pipelines impacted by the new access token URL and API key expiration will need reconfiguration. Microsoft has made this transition an opt-in experience, allowing developers to move at their own pace.
“We encourage everyone to transition to the new, more secure experience as soon as possible.”
In conclusion, the new Publish API for Microsoft Edge extensions offers substantial security improvements. Developers are urged to adopt these changes to enhance the safety of their extensions.
From the Windows Blog
Windows Server Devices Now Recognized as a New OS in Intune Microsoft has announced that Windows Server devices are Read more
Microsoft Power Platform is leading the way in AI-generated low-code app development. With the help of AI, users can quickly Read more
Microsoft Intune is an enterprise mobility management platform that helps organizations manage mobile devices, applications, and data. The October edition Read more
Microsoft Intune has released its November edition, featuring new updates to help IT admins better manage their organization’s mobile devices. Read more
