Microsoft Upgrades PublishAPI for MicrosoftEdge Browser to Enhance Security and Update Experience

TapTechNews October 1st news, the tech media bleepingcomputer released a blog post yesterday (September 30th), reporting that Microsoft Corporation has upgraded and launched the PublishAPI for the MicrosoftEdge browser, enhancing the security of developer accounts and optimizing the update experience of browser extensions.

When developers first submit a new Edge browser extension program, it needs to be completed through the PartnerCenter. After approval, subsequent updates can be completed through the PartnerCenter or PublishAPI.

Microsoft is actively promoting the SecureFutureInitiative to enhance the security of all product groups, standardize and optimize the browser extension publishing process to prevent extensions from being hijacked by malicious code.

TapTechNews quoted Microsoft's report that the upgraded PublishAPI can dynamically generate API keys, thereby reducing the risk of static credentials being exposed in code or other vulnerabilities.

These API keys are not stored in the form of the keys themselves, but in the form of hashes in Microsoft's database, thereby further curbing the impact of API key leakage.

To further improve security, Microsoft internally generates access token URLs, and developers do not need to send these URLs when updating their extensions. This further improves security by limiting the additional risks posed by exposing URLs that may be used to push malicious extension updates.

The upgraded PublishAPI generates API keys with a validity period of only 72 days, while the previous key validity period was 2 years. Changing secrets more frequently can prevent continued abuse in case of secret leakage.