### Week 9 : API Security

### Concepts related to the security and scaling of API

1. The Principle of Least Privilege (PoLP)
    - This concept can be applied here as this security principle dictates that a user, process, or program shall be given only bare minimum access or permissions required to perform the job and nothing more.
    - In my API, its currently providing unrestricted prediction access but when this is applied, there will be different keys for each service (or .py files)
    - Reflection: Right now, api.py only has an API key. Adding a key to train.py (employing this concept) will ensure that the model will not be altered by anyone else so it won't affect the predictions, stability, accuracy, and the model in general.

2. Rate Limiting (Defense against DoS or denial of service)
    - A defense mechanism that limits the number of HTTP requests a user can make to a server in a given period (e.g., 100 requests per minute).
    - Even with an API Key, an attacker can use a valid key to rapidly send requests, consuming all of your server's CPU/RAM and preventing legitimate users from getting predictions (Denial of Service - DoS).
    - Reflection: I can apply API rate limiting so that the client will not be able to abuse the service by spamming calls which ultimately overloads the server and service. I can set a rule or limit on how many requests can be done on a given period and if this has been violated, I can either delay, block, and even show a HTTP status code to let them know that there are too many requests. Queueing or buckets can also be implemented so as to discourage attackers as their attacks are also limited by this queue.

3. Securing Secrets (Key Management)
    - Keys are implemented to required authentications first before accessing the service. This is done so that only the client has the key which means they have the access and if a key has been compromised, its easier to pinpoint and manage. Attackers also will be discouraged as keys do not allow for easy bypassing and it will take them a lot of time to figure the key out unless it has been compromised or stolen.
    - In my project, its currently hardcoded. This is fine for a small project but keys must be stored in Secrets Managers like AWS or HashiCorp vault and loaded onto applications using environment variables. 
    - Reflection: while okay for a small project, it is not advisable to hard code secrets as it allows attackers or even other people within the organization to access the protected file,service, process, or data. Environment variables are best used here to ensure that no secrets are leaked and nothing is compromised.


### Reflection: 
#### What are the new security risks that are introduced when you move your model from a local notebook to a public-facing API?

New security risks include unauthorized use of the model, data and model integrity loss, possible attacks through exposure, client confidence/trust loss, and a possible full contamination of other items if this contains other security items. 

Anyone can steal the predictions and consume the resources (DoS) if this happens. They can even steal and reverse-engineer the model which will lead to leakage losses both in revenue and client trust. Data can also be compromised and allow for future attacks if the data has been poisoned or malformed. There can also be json/input attacks which will lead to server crashes ultimately making it worse for everyone. Implementing authentication practices, employing fail-secure principles, and robust pre-processing will help mitigate these risks. 

Authentication ensures that both sides, client and service, are the only ones communicating. This also gives both a responsibility to ensure that the keys they won't be compromised. Having this type of security also adds a layer of psychological security for both sides in a way that they can easily pinpoint which is causing issues. 

The fail-secure principle will also help by limiting access strictly to what is only allowed as with the principle of least privilege. This will ensure that the allowed process, user, or program will only have access or permissions on what it sole purpose is which is to request for predictions based on new data, further protecting the core model logic and allowing security in a way that the model is not easily compromised.

Robust preprocessing here will protect the server from crashing in case there is an attempt to poison or use malformed input validation. Said implementation will ensure that everything is standardized and the model will always receive the file in formats it exactly expects. This will make the model more secure and will also ensure that the server will always be up.