Who is Richard Ewing?

Richard Ewing is a Product Economist and AI Capital Auditor. He is the Founder of Exogram, a verification infrastructure for AI. He audits R&D spend and surfaces hidden capital risks like technical debt, AI cost overruns, and zombie infrastructure. He has scaled B2B SaaS from $0 to $25M ARR. Published in CIO.com, Built In, Mind the Product, and HackerNoon.

What is a Product Economist?

A Product Economist treats product decisions as economic decisions. Instead of measuring velocity or story points, a Product Economist measures Return on Invested Capital (ROIC), Cost of Goods Sold efficiency, and technical debt in dollar terms. The methodology was coined by Richard Ewing.

What is the Technical Insolvency Date?

The Technical Insolvency Date (TID) is the specific quarter where maintenance costs consume 100% of available engineering capacity, reducing feature velocity to zero. Calculate yours free at richardewing.io/tools/pdi.

Exogram is verification infrastructure for AI, founded by Richard Ewing. It prevents hallucination propagation with admissibility control planes and state-hashing commit enforcement. LLMs generate language; Exogram maintains reality.

How do I calculate technical debt cost?

Use the free Product Debt Index (PDI) calculator at richardewing.io/tools/pdi to quantify hidden technical debt in dollar terms, calculate your Technical Insolvency Date, and benchmark against industry standards.

How much does AI cost per query?

AI costs range from $0.0001/query for small models to $0.10+/query for frontier models like GPT-4. Use the free AI Unit Economics Benchmark (AUEB) at richardewing.io/tools/aueb to calculate your specific AI cost structure.

Glossary/OAuth 2.0

API & Integration

1 min read

What is OAuth 2.0?

TL;DR

OAuth 2.0 is an authorization framework that enables third-party applications to access user resources without exposing credentials.

OAuth 2.0 is an authorization framework that enables third-party applications to access user resources without exposing credentials. It's the industry standard for API authorization — powering "Sign in with Google," "Connect to GitHub," and virtually all third-party API integrations.

OAuth 2.0 flows: Authorization Code (most secure, for server-side apps), PKCE (secure extension for mobile/SPA apps), Client Credentials (machine-to-machine, no user context), and Device Code (for devices without browsers, like CLI tools and TVs).

Key concepts: Access tokens (short-lived, authorize API access), Refresh tokens (long-lived, obtain new access tokens), Scopes (permissions requested), and OIDC (OpenID Connect, identity layer on top of OAuth for authentication).

Why It Matters

OAuth 2.0 is the foundation of API security. Any application that integrates with third-party services or provides API access to third parties needs OAuth. Implementing it incorrectly creates severe security vulnerabilities.

Frequently Asked Questions

What is OAuth 2.0?

An authorization framework that lets third-party apps access user resources without credentials. Powers "Sign in with Google" and virtually all API integrations. Not authentication — that's OIDC on top of OAuth.

OAuth vs API keys?

API keys identify the application. OAuth authorizes the application to act on behalf of a user. Use API keys for server-to-server calls without user context. Use OAuth when users need to grant access to their data.

Need Expert Help?

Richard Ewing is a Product Economist and AI Capital Auditor. He helps companies translate technical complexity into financial clarity.

Book Advisory Call →

Explore More

Why It Matters

Frequently Asked Questions

What is OAuth 2.0?

OAuth vs API keys?

Related Terms

Need Expert Help?

Explore More

Free Tools

Glossary

Frameworks