from Hacker News

Ask HN: Resources for learning how to secure a machine learning API

by this_is_not_you on 2/22/21, 3:37 PM with 1 comments

All courses (?) for deploying ML APIs assume that you don't mind that everybody can access your API if they know the external IP. That works because it's always just toy examples. But how do I learn to actually secure my API so that I can choose who can access it?

I know that GCP Cloud Run and Azure Container Instance offer simple ways of making services private. Both are managed solutions. But what about hosted solutions? Where do I learn about that?

  • by Jugurtha on 3/1/21, 9:33 PM

    You can start by removing "machine learning" from "machine learning API", and learn how to build APIs and add authentication (tokens, oauth, jwt, etc.). There was a recent thread on HN on API building that you can check out.

    Also, most courses/blog posts are crap because they're mostly written by data virgins. I blocked the biggest Medium publication about data science and machine learning from my search results using an extension because they allow pretty much anyone to publish there about end-to-end ML/deployment/MLOps/ML project lifecycle, etc.

    This is not obvious and many are catching up on the MLOps movement. There are sadly more people writing about it than people actually doing it. I would have loved if it were not the case, as we are in that field as well and had to build our machine learning platform.
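A minimal illustration of the "build the API, then add authentication" step the reply describes, added here as an example and not code from the thread or either poster. It assumes a stand-in `predict` function in place of a real model and a constructed placeholder token; a real deployment would load the secret from a secret store and typically use JWT/OAuth rather than a single static token.

```python
# Added example: an inference-style /predict endpoint that refuses requests
# without a valid bearer token. Standard library only.
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed placeholder; load from a secret store in a real deployment.
API_TOKEN = "example-token-change-me"


def check_bearer(authorization_header, expected_token=API_TOKEN):
    """Return True only for 'Bearer <expected_token>', compared in constant time."""
    if not authorization_header:
        return False
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return False
    return hmac.compare_digest(token.encode(), expected_token.encode())


def predict(features):
    """Stand-in for a model (assumption): returns the sum of the features."""
    return {"score": float(sum(features))}


class PredictHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        if self.path != "/predict":
            self.send_error(404)
            return
        # Authenticate before touching the body, so unauthenticated callers
        # never reach the model or its input parsing.
        if not check_bearer(self.headers.get("Authorization")):
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Bearer realm="predict"')
            self.end_headers()
            return
        length = int(self.headers.get("Content-Length", 0))
        try:
            body = json.loads(self.rfile.read(length) or b"{}")
            features = [float(x) for x in body["features"]]
        except (ValueError, KeyError, TypeError):
            self.send_error(400, 'expected JSON {"features": [numbers]}')
            return
        out = json.dumps(predict(features)).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), PredictHandler).serve_forever()
```

Binding to 127.0.0.1 keeps the example local; in front of a real service the same check would sit behind TLS, since a bearer token sent in cleartext is no better than no token.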