AWS iot-mi documentation change
Summary
Added documentation requirements about API keys and OAuth callback URL allowlisting for third-party API integrations
Security assessment
The change adds guidance about handling API keys and OAuth security configurations when integrating third-party APIs, but does not indicate any specific security vulnerability being addressed. It documents standard security practices for OAuth implementations rather than responding to a known exploit.
Diff
diff --git a/iot-mi/latest/devguide/concepts-building-connector.md b/iot-mi/latest/devguide/concepts-building-connector.md index 1083a7b6b..73b3a8a5a 100644 --- a//iot-mi/latest/devguide/concepts-building-connector.md +++ b//iot-mi/latest/devguide/concepts-building-connector.md @@ -49,0 +50,2 @@ In addition, to test the connector, the developer of the connector must have the + * Any API keys that are required by your third-party API registration or allowlisting for the OAuth callback URL hosted by AWS. Some third parties explicitly allowlist an OAuth redirect URL, while others have a workflow where users can log in and register the OAuth URL. Consult with the specific third party to understand what is required to allowlist the managed integrations OAuth redirection endpoint +