Join us in Stockholm in October to help shape Curity’s roadmap and connect with fellow customers.
- [Curity and O’Reilly: Cloud Native Data Security with OAuth Book Launch in Stockholm | Curity](https://curity.io/oreilly-book-launch/):Join us at our Stockholm office for a celebration of our new book and conversations around the themes that made us want to write the book in the first place. Meet the authors, ask your questions and pick up your signed copy of the book.
- [Modern Business, Secured: Future-Proof Identity & Access Management | March 26, London | Curity](https://curity.io/curity-axiomatics-london-meetup/):Join Curity and Axiomatics on March 26 at The Brewery, Chiswell Street, London for Modern Business, Secured: Customer Identity and Access for the Future. This half-day event explores financial-grade security, identity architecture, and access management strategies that help organizations stay agile while protecting sensitive data. Hear from industry experts, including Curity CTO Jacob Ideskog and Axiomatics CTO David Brossard, as they discuss modular identity architectures, consistent information flows, and dynamic access policies. Learn how to build secure, scalable, and customer-friendly identity solutions. Register now to future-proof your security strategy!
- [Join security experts in Brussels for a breakfast seminar exploring strong security for banks and beyond | Curity](https://curity.io/curity-security-breakfast-brussels/):High-grade security is particularly important for the financial sector but is absolutely necessary for any organization and industry that handles valuable customer data. Attend this security breakfast in Brussels on December 3 to learn how to protect customer data and prevent breaches by connecting digital identity, API management and secure access.
- [Join Curity in Copenhagen for a breakfast seminar exploring strong security for banks and beyond | Curity](https://curity.io/curity-security-breakfast-copenhagen/):High-grade security is particularly important for the financial sector but is absolutely necessary for any organization and industry that handles valuable customer data. Join Curity in Copenhagen to learn how to protect customer data and prevent breaches by enabling strong security for your APIs.
- [Join Curity's breakfast seminar, Strong Security for Banks and Beyond | Curity](https://curity.io/strong-security-for-financial-services/):High-grade security is especially important for the entire financial sector but necessary for all industries that handle valuable customer data. Join Curity to learn how to best protect customer data and prevent breaches by securing your APIs.
- [Join Curity at Identiverse 2024 | Curity](https://curity.io/meet-curity-at-identiverse-2024/):Join Curity at Identiverse - Booth 2306 May 28-31, 2024 at ARIA Resort & Casino, Las Vegas, Nevada
- [Java Software Engineer | Curity Identity Server](https://curity.io/company/careers/job/java-software-engineer/): We are seeking a creative, self-sufficient, and experienced Java Software Engineer with5+years of experience in developing production-class… - [Strategic Account Executive - US East | Curity Identity Server](https://curity.io/company/careers/job/strategic-account-executive-us/): Curity is the global leader in API-driven Security, perfectly positioned to capture a significant part of the growing AI Security market… - [Professional Services Engineer | Curity Identity Server](https://curity.io/company/careers/job/professional-services-engineer/): At Curity, a global leader in API-driven identity and access management, we empower organizations to secure millions of users through… - [Product Marketing Engineer | Curity Identity Server](https://curity.io/company/careers/job/product-marketing-engineer/): What we do at Curity is complicated, and explaining it is hard. On the surface, it’s easy: we help our customers identify their users, so… - [Blog | Curity](https://curity.io/blog/): The latest news, product updates, and thoughts on identity and access management, and API security insights from the Curity team - [Token Intelligence: Why IAM needs a new mental model | Curity](https://curity.io/blog/token-intelligence-curity/): Modern IAM must support APIs, microservices, and AI. Learn how token intelligence enables context-aware authorization beyond user-centric models. - [Beyond Login: Building Secure Authorization with the Curity Identity Server | Curity](https://curity.io/blog/beyond-login-secure-authorization-curity-identity-server/): Secure your APIs beyond login. Learn how the Curity Identity Server enables fine-grained authorization, protects tokens, and prevents OAuth misconfigurations. - [Financial Grade APIs v2 (FAPI 2) Certification | Curity](https://curity.io/blog/curity-fapi2-certification/): Curity has certified that the Curity Identity Server version 8.5.0 conforms to the FAPI 2.0 Security Profile. - [How Challenger Banks Can Fight Rising Fraud | Blog | Curity | Curity](https://curity.io/blog/how-challenger-banks-can-fight-rising-fraud/): Learn how digital banks can combat APP fraud and enhance security with advanced identity and access management (IAM) solutions. Explore token-based architecture, adaptive authentication, FAPI, and more to protect customer data and transactions - [Identity Provider Integration | Curity Identity Server Benefits | Curity](https://curity.io/blog/benefits-of-idp-integration-with-the-curity-identity-server/): Discover the benefits of Identity Provider (IdP) integration with Curity Identity Server. Improve authentication security, enable SSO, and streamline access management. - [Upgrading Your IAM System the Right Way | Curity](https://curity.io/blog/upgrading-your-iam-system-the-right-way/): The OAuth family of specifications provides the best architecture capabilities and many advanced design patterns for managing security-related use cases. - [Considerations for a Modern IAM Infrastructure | Curity](https://curity.io/blog/considerations-for-a-modern-iam-infrastructure/): What are the factors that need to be considered when choosing a way to modernize your identity and access management infrastructure? - [Authentication Solutions Could Save Organizations Millions | Curity](https://curity.io/blog/authentication-solutions-could-save-millions/): Organizations, particularly companies in the financial services and healthcare industries, could reap benefits with a customer access security solution focused on identity management. - [Zero-Trust Architecture: Identity Is the New Perimeter | Curity](https://curity.io/blog/zero-trust-architecture-identity-is-the-new-perimeter/): Learn how the Zero-Trust Architecture approach is all about tight control access based on identity. - [5 Ways Curity Identity Server Solves Modern Identity Challenges | Curity](https://curity.io/blog/5-ways-curity-solves-modern-identity-challenges/): Discover 5 reasons why the Curity Identity Server leads in identity management—offering flexible architecture, advanced authentication, and compliance support for secure, modern digital infrastructure. - [Which Is Best for IAM: Build, Open Source, or Buy? | Curity](https://curity.io/blog/which-is-best-for-iam-build-open-source-or-buy/): Deciding the best way to modernize or scale up your Identity and Access Management and API security can be a difficult task. Here are some considerations. - [Customer Identity and Access Management with Curity | Curity](https://curity.io/blog/ciam-with-curity/): The Curity Identity Server comes with a set of built-in authentication methods and an extensive list of actions. Actions are steps in an authentication process allowing customized behavior and user journey orchestration. - [Identity and Access Management for AI Agents | Curity](https://curity.io/blog/identity-and-access-management-for-AI-agents/): Secure AI agents with modern IAM: learn how machine identities, OAuth, and application-centric governance protect unpredictable, autonomous systems. - [How to Start Your IAM Journey Right — In Three Steps | Curity](https://curity.io/blog/how-to-start-your-iam-journey-right-in-three-steps/): This article offers advice on what to consider when starting your identity and access management (IAM) journey. - [Advanced CIAM Is Key to US CFPB Section 1033 Compliance | Curity](https://curity.io/blog/advanced-CIAM-US-CFPB-Section-1033-Compliance/): Learn how advanced CIAM helps US financial institutions meet CFPB Section 1033 compliance by securing APIs, managing consent, and enabling open banking. - [API Security: Common Misunderstandings for Business Teams | Curity](https://curity.io/blog/api-security-common-misunderstandings-for-business-teams/): API security is a business issue, not just a technical one. Learn why access decisions, identity, and OAuth shape risk, trust, and growth. - [Designing Your OAuth Login Workflow | Curity](https://curity.io/blog/designing-your-oauth-login-workflow/): With security becoming more sophisticated in recent years, implementing authentication workflows within applications is no longer viable. - [API Security Trends 2026: AI, MCP, authorization and more | Curity](https://curity.io/blog/api-security-trends-2026/): Explore 2026 trends in API access control, IAM, and data security - from machine identities and OAuth to AI-driven authorization and regulation. - [Modernize SAML Web Architectures the Right Way | Curity](https://curity.io/blog/modernize-saml-web-architectures-the-right-way/): Modernize legacy SAML web architectures with up-to-date practices. Learn how to migrate from SAML to OAuth, improve web security, and adopt modern web architecture approaches for today’s applications. - [Guarding Against AI-Agent Attacks: A Cautionary Tale from a Recent Incident | Curity](https://curity.io/blog/guarding-against-ai-agent-attacks-cautionary-tale/): A recent AI-agent attack shows how automated adversaries exploit weak controls. See how human-in-the-loop checkpoints, OAuth token renewal, and stricter API access models help stop misuse and strengthen your defenses. - [Is Your API Ready for the AI Agents? | Curity](https://curity.io/blog/is-your-api-ready-for-the-ai-agents/): AI agents are evolving, but security and API integration remain key challenges. Learn how OAuth, token exchange, and dynamic client registration can help service providers prepare. - [User Consent Best Practices for AI Agents: Securing Data in the Age of Automation | Curity](https://curity.io/blog/user-consent-best-practices-in-the-age-of-ai-agents/): User consent for AI agents must be granular and time-limited. Discover best practices for managing, granting, and revoking consent when agents act on a user’s behalf. - [Takeaways From the 2025 Nordic APIs Platform Summit: API security, MCP, AI | Curity](https://curity.io/blog/takeaways-from-platform-summit-2025/): Key takeaways from the 2025 Nordic APIs Summit - from API security insights to how MCP is reshaping the future of APIs and AI. - [2025's Most Important API Security Trends | Curity](https://curity.io/blog/2025-top-api-security-trends/): Explore the top API security trends for 2025, including AI, auditable authorization, passwordless authentication, zero trust, and much more. - [From Screws to Software: The Power of Security Standards in the Modern Age | Curity](https://curity.io/blog/the-importance-of-security-standards/): Discover how standards like OAuth, OpenID, and OpenAPI enhance protection, interoperability and innovation. Learn why following standards simplifies implementation, reduces vulnerabilities and accelerates adoption of new technologies. - [Beyond Compliance: CIAM for Business Growth | Curity](https://curity.io/blog/beyond-compliance-ciam-for-business-growth/): Discover how Customer Identity and Access Management (CIAM) helps businesses meet data protection laws, strengthen security, build trust, and turn regulatory compliance into a strategic advantage. - [Zero Trust Authentication Using Curity and Beyond Identity | Curity](https://curity.io/blog/zero-trust-with-strong-passwordless-authentication-using-curity-and-beyond-identity/): Organizations are moving towards a Zero Trust Architecture where the user identity must be verified frequently, the use of passwords is less than ideal. - [Your APIs Are Only as Secure as Your JWTs | Curity](https://curity.io/blog/your-apis-are-only-as-secure-as-your-jwts/): API security has matured over the years, and we have moved from API-keys-based security to token authorization. JWTs are a popular format for access tokens - [Why No Password Is Better than One Password | Curity](https://curity.io/blog/why-no-password-is-better-than-one-password/): What is passwordless authentication? Why is it better than using traditional passwords? How can a passwordless approach be implemented? - [Where Identity Security Is Heading | Curity](https://curity.io/blog/where-identity-security-is-heading/): Thoughts on the current state of identity security and what developments it needs to go through. - [What’s the Deal with CIBA? | Curity](https://curity.io/blog/whats-the-deal-with-ciba/): CIBA has been profiled by the Financial-Grade API (FAPI) working group and is being adopted by banking regulations across the globe. - [What's Next for Open Banking | Curity](https://curity.io/blog/whats-next-for-open-banking/): The Financial-grade API family of specifications moves fast. Here we explore what's coming up next for open banking regulations. - [Using Subject Alternative Names to Authenticate OAuth Clients | Curity](https://curity.io/blog/using-subject-alternative-names-to-authenticate-oauth-clients/): Certificates are a hard technology to work with. In this spirit, I recently decided to learn more about Subject Alternative Names (SANs). - [Understanding the Levels of API Security | Curity](https://curity.io/blog/understanding-the-levels-of-api-security/): What is the best API security approach to adopt? Amid rising API attacks, API security should be front and central for modern enterprises. - [The Evolution of Signature Algorithms | Curity](https://curity.io/blog/the-evolution-of-signature-algorithms/): Algorithms are essential to avoid security incidents such as private keys being retrieved from signatures or valid signatures being created. - [Strengthen M&A Cybersecurity with Zero Trust Architecture | Curity](https://curity.io/blog/strengthen-merger-and-acquisition-cybersecurity-with-zero-trust/): Existing vulnerabilities can be exposed while the risk of introducing new attacker entry points rises. Cybercriminals often seek to capitalize on these security weaknesses during an M&A transition. - [Strengthen API Access Control with Attribute-Based Authorization | Curity](https://curity.io/blog/strengthen-api-access-control-with-attribute-based-authorization/): Proper authorization constitutes an important part of your API security. - [Smart API Security for Your Smart Car | Curity](https://curity.io/blog/smart-api-security-for-your-smart-car/): Cars are smarter and more connected than ever and security breaches are rising. Here we outline the fundamental principles of API security to be aware of. - [Towards Seamless Login: Enhancing User Experience and Security | Curity](https://curity.io/blog/seamless-secure-login-user-experience/): What are some common challenges developers face when building seamless login experiences and how can they be overcome? - [Resolving the Digital Identity Dilemma in a Decentralized Way | Curity](https://curity.io/blog/resolving-digital-identity-dilemma-in-decentralized-way/): How can decentralized identity help individuals and organizations solve the current issues associated with digital identity? - [OAuth Application Guides for Solution Design | Curity](https://curity.io/blog/oauth-application-guides-for-solution-design/): If you are building an API, website, mobile app or API gateway integration, our guides can help you. - [The Myths and Truths About Decentralized Identifiers | Curity](https://curity.io/blog/myths-and-truths-about-decentralized-identifiers/): In this article we straighten up some misconceptions and provide some basic understanding concerning Decentralized Identifiers (DIDs). - [Managing Scopes and Claims in OAuth Tokens | Curity](https://curity.io/blog/managing-scopes-and-claims-in-oauth-tokens/): OAuth and OpenID Connect tokens are vital standards to help maintain a high level of security. - [Identities and App Security in a Complex IT Environment | Curity](https://curity.io/blog/managing-identities-and-app-security-consistently-in-a-complex-it-environment/): How ICA Gruppen consistently manages identities and app security in a very complex IT environment. - [Inserting API Access Security into the NIST Cybersecurity Framework 2.0 Conversation | Curity](https://curity.io/blog/inserting-api-access-security-into-the-nist-cybersecurity-framework-conversation/): Application and microservice security needs to be an increasing part of the ongoing cybersecurity conversation. - [How Identity Management Powers Digital Transformation Success | Curity](https://curity.io/blog/identity-enables-digital-transformation-success/): Identity management strengthens security, streamlines access, and improves compliance in digital transformation. Learn how CIAM and IAM create a secure, seamless identity layer to drive innovation, compliance, and efficiency across APIs and applications. - [How to Set up Your SaaS Security Architecture for Success | Curity](https://curity.io/blog/how-to-set-up-your-saas-security-architecture-for-success/): Key security factors SaaS developers must consider when planning out the security of their solutions. - [How to Protect Data in the Era of Remote Healthcare | Curity](https://curity.io/blog/how-to-protect-remote-healthcare-data/): Key components of a secure and accessible digital healthcare setup. - [How Should You Serve Your Access Tokens: JWTs, Phantom, or Split? | Curity](https://curity.io/blog/how-should-you-serve-your-access-tokens-jwts-phantom-or-split/): How should you serve your access tokens: JWTs, phantom, or split? - [Going Passwordless With WebAuthn | Curity](https://curity.io/blog/going-passwordless-with-webauthn/): Weak passwords are driving a factor towards a passwordless approach. The WebAuthn standard is one of the leading technologies to achieve this securely. - [From the HEART | Curity](https://curity.io/blog/from-the-heart/): How do you protect people's integrity in a pandemic when you rely on private data being shared and accessible? - [What are Decentralized Identifiers and Verifiable Credentials? | Curity](https://curity.io/blog/decentralized-dentifiersand-verifiable-credentials-building-blocks-for-self-controlled-identities/): Decentralized identifiers and verifiable credentials combined provide a promising new way of identity management. - [Insights from the 2024 Austin API Summit | Curity](https://curity.io/blog/curity-gains-actionable-insights-from-2024-austin-api-summit/): The Austin API Summit was a welcome chance for us to proactively stay ahead of the challenges we face and to stay aligned with the trends shaping the future of our work and our world. - [Future of API Security and Identity at Platform Summit 2025: AI, MCP, and Digital Sovereignty | Curity](https://curity.io/blog/future-api-security-identity-platform-summit-2025/): Discover key API security and identity themes at Platform Summit 2025. Explore the rise of non-human identities, MCP and AI-to-API connections, and identity’s role in digital sovereignty with Curity experts. - [Why InsuranceTech Companies Need to Rethink Identity Security | Curity](https://curity.io/blog/why-insurance-tech-companies-need-to-rethink-identity-security/): Insurers face rising fraud, API abuse, and compliance demands as digital services grow. Learn why an identity-first approach is key to secure, seamless customer experiences and future-proofing InsuranceTech. - [My Key Takeaways from the Digital Identity unConference Europe | Curity](https://curity.io/blog/takeaways-from-digital-identity-unconference-europe/): Decentralized Identity Is gathering momentum. - [Selective Disclosure for JWTs: Safeguarding Data and Privacy | Curity](https://curity.io/blog/selective-disclosure-jwts-keep-your-data-and-privacy-close/): Discover how Selective Disclosure for JWTs enhances privacy and security by enabling users to share only essential data. - [New report from Curity: Plotting the Roadmap For Digital Identity | Curity](https://curity.io/blog/plotting-the-roadmap-for-digital-identity/): To understand what organizations and consumers think of the future of digital identity and if they are ready to embrace new, emerging technologies, we surveyed IT decision makers and consumers in the UK and the US. - [Quantum-safe API Security - How to prepare APIs for the post-quantum future | Curity](https://curity.io/blog/quantum-safe-api-security/): How to prepare APIs for the post-quantum future - [Redefining IAM for Customers and Partners | Curity](https://curity.io/blog/redefining-iam-for-customers-and-partners/): Explore key takeaways from Gartner’s 2025 report redefining CIAM & PIAM. Learn how modern IAM strategies can better support customer and partner identities for growth and security. - [10 Years of Curity: Milestone Reflections & Founder's Interview | Curity](https://curity.io/blog/a-decade-of-identity-innovation/): Celebrating 10 years of Curity! Explore our journey in API security and identity management, and hear from co-founder Jacob Ideskog in a special video interview reflecting on the past decade and what’s next. - [There's More to OAuth and OpenID Connect Than JWTs | Curity](https://curity.io/blog/more-to-oauth-and-oidc-than-jwts/): OIDC is a standard created for identifying users with flows that heavily rely on the browser, and CI/CD jobs have none of that. So, how do these technologies actually work together? - [What Is Access Control? Key Methods and Benefits for Secure Systems and APIs | Curity](https://curity.io/blog/what-is-access-control/): Explore modern access control methods and how authentication, authorization, and policy enforcement protect data across systems and APIs. - [What Are Transaction Tokens? Comparing Them to Phantom Tokens | Curity](https://curity.io/blog/transaction-tokens-new-phantom-tokens/): Explore the emerging concept of transaction tokens and how they compare to the phantom token pattern. Learn how both approaches enhance API security. - [Scaling OAuth to Many APIs | Curity](https://curity.io/blog/scaling-oauth-to-many-apis/): In OAuth API architectures, managing scopes and claims is a balancing act. Therefore, use the following key steps when designing your OAuth API architecture to ensure scalability. - [Protecting against API Token and Credential Theft in 2024 | Curity](https://curity.io/blog/protect-against-token-and-credential-theft-in-2024/): In 2024, cyber-attacks against APIs are a major concern, and organizations need a solid design to protect against the threats. - [Decentralized Identity and API Security | Curity](https://curity.io/blog/decentralized-identity-api-security/): What will be the effect of the decentralized identity paradigm shift on API security? What should companies do to prepare for the shift? And why talk about identity in APIs at all? - [How FAPI Secures APIs from Modern-Day Thieves | Curity](https://curity.io/blog/how-fapi-secures-your-apis-against-attackers/): Discover how FAPI secures APIs against attackers with centralized configurations, token protection, and robust authorization flows. Safeguard your data and build trust with high-grade API security. - [OAuth: What Everyone Should Know | Curity](https://curity.io/blog/oauth-what-everyone-should-know/): Explore our new book on cloud-native data security with OAuth — learn how to go beyond authentication to secure modern APIs at scale. - [Impressions from Nordic APIs’ Platform Summit 2023 | Curity](https://curity.io/blog/impressions-from-platform-summit-2023/): It was the first Platform Summit after some years break and groundbreaking for me. I got the chance to meet many people and have a lot of interesting discussions. - [Hosting APIs in Multiple Regions | Curity](https://curity.io/blog/hosting-apis-in-multiple-regions/): Many companies today want to host their software in multiple regions, which may sometimes be necessary to do business in new markets. How best to do this? - [Using Hypermedia to Perform App2App Logins | Curity](https://curity.io/blog/using-hypermedia-to-perform-app2app-logins/): App2App login is a pattern that is driven heavily by the Open Banking implementations around the world. - [Open Banking Brazil Status Update and Short-Term Roadmap | Curity](https://curity.io/blog/open-banking-brazil-status-update-and-short-term-roadmap/): It’s exciting times in the financial industry, and the work that Open Banking Brazil (OBB) is doing is pushing many industries and geographies forward. - [How to Pave the Way for Passkeys Adoption | Curity](https://curity.io/blog/pave-the-way-for-passkeys-adoption/): What are the most common challenges with passkeys and how can they be overcome to accelerate the start of a passwordless future? - [Mitigating Phishing Attacks | Curity](https://curity.io/blog/what-are-phishing-attacks-and-how-do-you-prevent-them/): What Are Phishing Attacks and How Do You Prevent Them? - [Modern Techniques for Securing SPAs | Curity](https://curity.io/blog/modern-techniques-for-securing-spas/): Presenting the new Curity whitepaper focused on helping developers to improve the security of single page applications with the Token Handler pattern. - [5 API Security Principles That Are Here to Stay | Curity](https://curity.io/blog/5-api-security-principles-that-are-here-to-stay/): With APIs becoming the most frequent attack vector of cybercrimes, it's now more important than ever to stay on top of API security trends. - [Upgrade Your App2App Logins to BankID v6 | Curity](https://curity.io/blog/upgrade-appsapp-logins-to-bankid-v6/): BankID is well known example of App2App authentication in Sweden. Members of the public install the BankID app, either on their mobile device or their desktop. - [OAuth and OpenID Connect Adoption Funnel 2023 | Curity](https://curity.io/blog/oauth-openid-connect-adoption-funnel-2023/): In this blog post, Curity's experts delve into the OAuth and OpenID Connect adoption funnel, providing a micro-level view of the specifications. - [Modern Credential Management in IAM: Securing Passwords & Storage | Curity](https://curity.io/blog/perspective-on-modern-credential-management/): Explore modern credential management in IAM. Learn to secure passwords, centralize storage, and decouple credentials from accounts for better security. - [Experience Verifiable Credentials: The Curity Demo Wallet | Curity](https://curity.io/blog/the-curity-demo-wallet/): The wallet guides you through the steps for getting your first credential and when presenting it. For detailed guidance, check out our wallet tutorial and get acquainted with using verifiable credentials. - [Deploy CIAM in the Cloud or On-Premise? | Curity](https://curity.io/blog/ciam-deployment-cloud-vs-on-premise/): Where to Deploy Your Customer Identity and Access Management - [Use Passkeys for Strong Customer Authentication | Curity](https://curity.io/blog/use-passkeys-painless-strong-customer-authentication/): Discover how passkeys can enhance strong customer authentication (SCA) by blending security, user experience, and reliability. - [Open Banking for B2B Scenarios | Curity](https://curity.io/blog/open-banking-for-b2b-scenarios/): In open banking, we tend to talk about the consumer-facing challenges, but business-to-business (B2B) isn’t mentioned that often. - [Secure Single Page Applications by Preventing Token Theft | Curity](https://curity.io/blog/secure-single-page-applications-by-preventing-token-theft/): It’s time to level up security for single page applications and remove the token theft problem once and for all. - [Build Your OAuth Login User Experience | Curity](https://curity.io/blog/build-your-oauth-login-user-experience/): Consistently branded log in that look like the rest of your app is critical for UX. Here are some things to consider when integrating OAuth into your apps. - [OAuth Tools: The Free OAuth Laboratory | Curity](https://curity.io/blog/oauth-tools-the-free-oauth-laboratory/): If you're looking for a place to experiment, learn, and explore the inner workings of OAuth and OpenID Connect, check out our award-winning OAuth Tool. - [OAuth 2.1 - OAuth Made Better | Curity](https://curity.io/blog/oauth-2-1-oauth-made-better/): OAuth 2.1 - as the name indicates - is going to be an update of OAuth 2.0. The draft incorporates updates, changes and recommendations from best practices from the last few years. - [Token Handler: The Single Page Application’s New BFF | Curity](https://curity.io/blog/token-handler-the-single-page-applications-new-bff/): How do you solve the conflict between Single Page Applications running smoothly and end-users receiving the best customer experience in the browser? - [The State of Financial-grade API Security Profile 2.0 | Curity](https://curity.io/blog/the-state-of-fapi-2/): An overview of the current state of Financial-grade API Security Profile 2.0 - [How to Manage Multi-tenancy in an IAM System | Curity](https://curity.io/blog/manage-multi-tenancy-in-iam-system/): This article explores the management of multi-tenancy in an IAM system by looking into different multi-tenant strategies that can be used to secure identities. - [Three Ways to Leverage a Common Identity Platform | Curity](https://curity.io/blog/three-ways-to-leverage-a-common-identity-platform/): Modern businesses need to enable consistent, secure authentication experiences for end-users and provide access security to developer teams. - [Why Banks Must Go Beyond Compliance with API Standards | Curity](https://curity.io/blog/secure-online-banking-with-a-competitive-edge/): Discover key takeaways from Gartner® on how banks can turn APIs into strategic assets, boost security, and drive innovation with standards like FDX, BIAN, and ISO 20022. - [Reducing Passwordless Drop-Off with A/B Testing and Insights | Curity](https://curity.io/blog/reduce-passwordless-dropoffs/): Implementing passkeys is not always as straightforward as it initially looks. Learn some tips how to minimize friction and avoid dropoff. - [API Security Trends in 2023 I All You Need to Know I Curity | Curity](https://curity.io/blog/api-security-2023-trends/): Why 2023 will be the year of API security and what are the key API security best practices to focus on. - [Curity's Rapid Response to Log4Shell Vulnerability | Curity](https://curity.io/blog/curitys-rapid-response-to-log4shell-vulnerability/): A timeline of how the Curity team responded to the Log4Shell vulnerability to ensure the safety of the customers' deployments. - [Reflections on KubeCon Europe: What Worked and What Could Have Made It Even Better? | Curity](https://curity.io/blog/curity-at-kubecon-europe/): Reflections on KubeCon Europe: what worked and what could have made it even better? - [Reflecting on 8 Years of Making The Internet a Safer Place | Curity](https://curity.io/blog/8-years-of-making-the-internet-safer/): Looking back at the first 8 years of Curity, the reason we started, and our ongoing mission to make the internet safer. - [Security Best Practices for SaaS Businesses | Curity](https://curity.io/blog/security-best-practices-for-saas-businesses/): Best practices for SaaS companies to ensure the security of their solutions and empower their businesses. - [Lessons in Chemistry | Curity](https://curity.io/blog/lessons-in-chemistry/): Identity Management and API Security: Time to Get the Teams Together - [Partner Opportunities with Curity | Curity](https://curity.io/blog/partner-opportunities-with-curity/): partner-opportunities-with-curityJoin Curity's partner network to help deliver secure solutions for today’s complex digital services. Learn more. - [Java 17 And Our Commitment to Technology | Curity](https://curity.io/blog/java-17-and-our-commitment-to-technology/): With the Curity Identity Server 7.0 we upgrade to Java 17. We are eager to see as broad adoption of Java 17 as Java 8 received. - [Summary of Internet Identity Workshop (IIW) | Curity](https://curity.io/blog/takeaways-from-iiw-35/): Last week, some of us attended the OpenID Foundation’s OpenID Workshop and the Internet Identity Workshop (IIW) in San Francisco, California. Here are some of my key takeaways. - [International Women’s Day: DigitALL and #PowerOn | Curity](https://curity.io/blog/iwd-2023/): Today is International Women's Day. A reminder to reflect on the gender balance and women empowerment in the tech industry and discuss how we can achieve greater equality. - [Six Wonderful Years! | Curity](https://curity.io/blog/six-wonderful-years/): Curity has just had its sixth birthday. The company grew from a simple idea - to help software developers make secure and user-friendly access to applications a whole lot easier. - [How to Take Control of Cookies in OAuth-Secured Web Apps | Curity](https://curity.io/blog/take-control-of-cookies-in-oauth-secured-web-apps/): Secured and unsecured browser-based apps require different architectures. This post summarizes some techniques you can use to enable the best browser security while ensuring other important qualities. - [Why APIs Require Zero Trust Security | Curity](https://curity.io/blog/why-apis-require-zero-trust-security/): APIs are critical for modern solutions in most industries. This is why a zero-trust approach is required in API security. - [5 Practical Questions on EdDSA Answered | Curity](https://curity.io/blog/5-practical-questions-on-eddsa-answered/): Why and when the EdDSA algorithm should be implemented to save you time, money, and resources. - [How to Navigate the Jungle of Open Banking Specifications | Curity](https://curity.io/blog/how-to-navigate-the-jungle-of-open-banking-specifications/): Many specifications and drafts within the OAuth and OpenID world aim to help translate Open Banking requirements to technical ones. - [User Opt-In Multi-Factor Authentication | Curity](https://curity.io/blog/user-opt-in-multi-factor-authentication/): What are the benefits of using Opt-In MFA action, a new addition to the Curity Identity Server? - [3 Solutions for Securing Complex API Ecosystems | Curity](https://curity.io/blog/3-solutions-for-securing-complex-api-ecosystems/): As the number of APIs grow, protecting them becomes increasingly difficult. - [Digital Identity and How to Protect It | Curity](https://curity.io/blog/digital-identity-and-how-to-protect-it/): What is digital identity, and what measures should one take to protect it most efficiently? Read the interview with Curity's CTO Jacob Ideskog. - [The Future of Open Finance Is Here | Curity](https://curity.io/blog/the-future-of-open-finance-is-here/): Introducing the report on how the financial industry is managing the adoption of Open Banking - [FIPS 201 Is Changing | Curity](https://curity.io/blog/fips-201-is-changing/): FIPS 201-3 is expected to be ratified very soon. To help you make sense of this update and to prepare, we have published and updated a few resources: - [Prince JARMing | Curity](https://curity.io/blog/prince-jarming/): JWT Secured Authorization Response Mode (JARM) allows you to use signed and encrypted responses. But why introduce another encryption if there is TLS? - [Blog posts about ai | Curity Identity Server](https://curity.io/blog/tags/ai/): Learn about ai - [Blog posts about Authentication | Blog | Curity](https://curity.io/blog/tags/authentication/): Blog posts on authentication best practices, how to protect user identities, access tokens and passwordless authentication. | Blog | Curity - [Blog posts about API Security | Blog | Curity](https://curity.io/blog/tags/api-security/): Blog posts covering API Security topics. Read about different levels of API Security, how to best secure your APIs, best practices for JWTs and more. | Blog | Curity - [Blog posts about Security Architecture | Blog | Curity](https://curity.io/blog/tags/security-architecture/): Articles related to security architecture. How do you build and maintain a high level of security in your IT environment? | Blog | Curity - [Blog posts about API Management and Security | Blog | Curity](https://curity.io/blog/tags/apis/): Blog posts on API management and security. Learn about everything from fundamental principles to managing APIs and identities in a complex IT environment. | Blog | Curity - [Blog posts about curity | Curity Identity Server](https://curity.io/blog/tags/curity/): Learn about curity - [Blog posts about OAuth | Blog | Curity](https://curity.io/blog/tags/oauth/): Blog articles on topics related to OAuth. Learn about OAuth Tools, how to best serve tokens, manage scopes and claims, and more. | Blog | Curity - [Blog posts about OpenID Connect | Blog | Curity](https://curity.io/blog/tags/openid-connect/): Blog posts on topics related to OpenID Connect with updates and tips on how to maintain a high level of security. | Blog | Curity - [Blog posts about FAPI | Blog | Curity](https://curity.io/blog/tags/fapi/): Blog articles related to financial grade API security, insights for when you need to go beyond standard application security. | Blog | Curity - [Blog posts about ciam | Curity Identity Server](https://curity.io/blog/tags/ciam/): Learn about ciam - [Blog posts about Identity and Access Management | Blog | Curity](https://curity.io/blog/tags/iam/): Blog articles on identity and access management best practices. Learn how to create a modern identity infrastructure from our experts. | Blog | Curity - [Blog posts about Identity | Blog | Curity](https://curity.io/blog/tags/identity/): Blog posts on how to manage digital identities securely in both small and large scale systems from our identity specialists. | Blog | Curity - [Blog posts about Zero Trust Security | Blog | Curity](https://curity.io/blog/tags/zero-trust/): Learn about the Zero Trust Architecture (ZTA) approach on the Curity blog. Why it has become so popular and why identity is the new perimeter. | Blog | Curity - [Blog posts about Privacy | Blog | Curity](https://curity.io/blog/tags/privacy/): Articles covering data privacy concerns and offering insights on how to protect user data and comply with privacy laws. | Blog | Curity - [Blog posts about the Token Handler Pattern | Blog | Curity](https://curity.io/blog/tags/token-handler-pattern/): The Token Handler pattern is a great approach for Single Page Application security. Our blog articles offer best practices and practical advice. | Blog | Curity - [Blog posts about decentralized-identity | Curity Identity Server](https://curity.io/blog/tags/decentralized-identity/): Learn about decentralized-identity - [Blog posts about Open Banking | Blog | Curity](https://curity.io/blog/tags/open-banking/): What's next for Open Banking? Our experts offer insights on Open Banking in different regions, updates and upcoming trends. | Blog | Curity - [Blog posts about CIBA | Blog | Curity](https://curity.io/blog/tags/ciba/): Blog posts exploring the Client Initiated Backchannel Authentication (CIBA) specification from the OpenID Connect Foundation. | Blog | Curity - [Blog posts about PSD2 | Blog | Curity](https://curity.io/blog/tags/psd2/): Blog posts discussing PSD2 and Open Banking - what's next for the regulation and how to keep up with the latest developments. | Blog | Curity - [Blog posts about Hypermedia API | Blog | Curity](https://curity.io/blog/tags/hypermedia-api/): Curity identity specialists share insights and use cases related to Curity's hypermedia authentication API in this blog section. | Blog | Curity - [Blog posts about did | Curity Identity Server](https://curity.io/blog/tags/did/): Learn about did - [Blog posts about WebAuthn | Blog | Curity](https://curity.io/blog/tags/webauthn/): Learn about the WebAuthn specification, best practices, news and use cases on our blog. | Blog | Curity - [Blog posts about Multi-Factor Authentication | Blog | Curity](https://curity.io/blog/tags/multi-factor-authentication/): What are the best practices for multi-factor authentication (MFA)? On our blog, we share the benefits and our recommendations for MFA. | Blog | Curity - [Blog posts about hosting APIs in multiple regions | Blog | Curity](https://curity.io/blog/tags/multi-region/): How do you manage user data and protect APIs hosted in multiple regions? Curity experts share their insights on our blog. | Blog | Curity - [Blog posts about App2app Login | Blog | Curity](https://curity.io/blog/tags/app2app/): Blog posts on best practices for app2app login. Learn about the app2app authentication pattern ideal for modern Open Banking implementations. | Blog | Curity - [Blog posts written by Bill Doerrfeld | Blog | Curity](https://curity.io/author/bill-doerrfeld/): Bill is a tech journalist and the Editor in Chief for Nordic APIs, where he analyzes cutting-edge technologies in enterprise cloud software and API ecosys... - [Blog posts written by Andrew Hindle | Blog | Curity](https://curity.io/author/andrew-hindle/): Andrew is an independent consultant focusing on digital identity, privacy, cyber security, and corporate governance. He is the - [Blog posts written by Travis Spencer | Blog | Curity](https://curity.io/author/travis-spencer/): Travis has worked extensively with organizations in various industries in both the US, Europe, and elsewhere who are adopting cloud and mobile computing. ... - [Blog posts written by Glenn van Lint | Blog | Curity](https://curity.io/author/glenn-van-lint-identit/): Glenn is a renowned (C)IAM Expert at IdentIT. He has an extensive background in customer identity and access management, and has been a featured speaker a... - [Blog posts written by Curity | Blog | Curity](https://curity.io/author/curity/): Find blog posts written by Curity's product engineers, discussing topics - [Blog posts written by Michal Trojanowski | Blog | Curity](https://curity.io/author/michal-trojanowski/): Michał Trojanowski is a Product Marketing Engineer at Curity. He is a developer with more than 10 years of experience working with web technologies. Worki... - [Blog posts written by Jacob Ideskog | Blog | Curity](https://curity.io/author/jacob-ideskog/): Jacob Ideskog is an Identity Specialist and CTO at Curity. Most of his time is spent working with security solutions in the API and Web space. He has work... - [Blog posts written by Keri LeBlanc | Blog | Curity](https://curity.io/author/keri-leblanc/): Keri is part of the Curity marketing team working on communications, public relations and strategy. She has worked extensively in the technology sector wi... - [Blog posts written by Simon Andersson | Blog | Curity](https://curity.io/author/null/): Manage user identities with minimal coding from your team. Curity Identity Server handles the complexities of the leading identity and security standards, making them easier to use, customize and deploy. - [Blog posts written by Judith Kahrer | Blog | Curity](https://curity.io/author/judith-kahrer/): Judith is a Product Marketing Engineer, with a keen interest in security and identity. She started her working life as a developer and moved onto being a ... - [Blog posts written by Stefan Nilsson | Blog | Curity](https://curity.io/author/stefan-nilsson/): Stefan Nilsson is Curity’s Chief Commercial Officer, leading Curity’s global sales activities. He has a software engineering background, 15 years of exper... - [Blog posts written by Kim Freskgård | Blog | Curity](https://curity.io/author/kim-freskg%C3%A5rd/): Manage user identities with minimal coding from your team. Curity Identity Server handles the complexities of the leading identity and security standards, making them easier to use, customize and deploy. - [Blog posts written by Daniel Lindau | Blog | Curity](https://curity.io/author/daniel-lindau/): Daniel Lindau is an identity specialist and Technical Director of Professional Services at Curity. He spends his days helping companies of all sizes desig... - [Blog posts written by Damian Curry | Blog | Curity](https://curity.io/author/damian-curry/): Manage user identities with minimal coding from your team. Curity Identity Server handles the complexities of the leading identity and security standards, making them easier to use, customize and deploy. - [Blog posts written by Anders Eknert | Blog | Curity](https://curity.io/author/anders-eknert/): Manage user identities with minimal coding from your team. Curity Identity Server handles the complexities of the leading identity and security standards, making them easier to use, customize and deploy. - [Blog posts written by Jonas Iggbom | Blog | Curity](https://curity.io/author/jonas-iggbom/): Director of Sales Engineering at Curity, has over 20 years of experience in product management and technical sales in access control and endpoint security... - [Blog posts written by Gary Archer | Blog | Curity](https://curity.io/author/gary-archer/): Gary is a Product Marketing Engineer at Curity. For 20 years, he worked as a Lead Developer and Solutions Architect, providing investment banking solution... - [Blog posts written by Alexander Salwey | Blog | Curity](https://curity.io/author/alexander-salwey/): Manage user identities with minimal coding from your team. Curity Identity Server handles the complexities of the leading identity and security standards, making them easier to use, customize and deploy. - [Blog posts written by Per-Gustaf Stenberg | Blog | Curity](https://curity.io/author/per-gustaf-stenberg/): Manage user identities with minimal coding from your team. Curity Identity Server handles the complexities of the leading identity and security standards, making them easier to use, customize and deploy. - [Blog posts written by David Treece | Blog | Curity](https://curity.io/author/david-treece/): Manage user identities with minimal coding from your team. Curity Identity Server handles the complexities of the leading identity and security standards, making them easier to use, customize and deploy. - [Blog posts written by Mark Dobrinic | Blog | Curity](https://curity.io/author/mark-dobrinic/): Manage user identities with minimal coding from your team. Curity Identity Server handles the complexities of the leading identity and security standards, making them easier to use, customize and deploy. - [Securing the Backbone of the Internet: How Arelion Built an Independent Identity Foundation with Curity | Curity Identity Server](https://curity.io/company/customers/curity-securing-the-backbone-of-the-internet-arelion/): Arelion is a leading light in global connectivity services. They’ve been keeping the world connected since 1993 and today their global IP… - [How Skandia Scaled Digital Banking with Curity Identity Server | Curity Identity Server](https://curity.io/company/customers/how-skandia-scaled-digital-banking-with-curity/): Founded in 1855, Skandia is one of Sweden’s leading financial services providers, spanning banking, pensions, capital management and life… - [If and the Curity Identity Server | If Insurance built a secure, scalable identity platform powering partners, customers and AI](https://curity.io/company/customers/if/): If Insurance is the leading property and casualty insurer in the Nordic region, with over 4.5 million customers in the Nordic and Baltic… - [Curity Helps SproutLoud Build a Unified Identity Platform | Curity](https://curity.io/company/customers/sproutloud/): SproutLoud is a leading SaaS-based through-channel marketing automation platform that provides software, service, and solutions designed to… - [Curity Helped Ikano Bank to Streamline Identity Management | Curity](https://curity.io/company/customers/ikano-bank/): Ikano Bank, started by the founder of IKEA, creates possibilities for better living by offering simple, fair and affordable services… - [Curity Identity Server Powers Authentication for Scandic Hotels | Curity](https://curity.io/company/customers/scandic-hotels/): Scandic Hotels, operating under the industry-leading brand Scandic, is the largest Nordic hotel operator with a network of about 280 hotels… - [Santander Enhances API Security with the Curity Identity Server | Curity](https://curity.io/company/customers/santander-strengthens-api-security-with-curity/): Santander Nordics is part of Banco Santander, one of the world's largest financial groups. Operating in Finland, Sweden, Norway, and Denmark… - [HealthHero Future-proofs its Virtual Healthcare Services with Curity | Curity Identity Server](https://curity.io/company/customers/healthhero/): HealthHero is a digital-first, end-to-end healthcare provider which exists to simplify healthcare and improve lives. HealthHero connects… - [Curity Enhances E.ON's Efficiency, UX, and Tech Integration | Curity](https://curity.io/company/customers/eon-sweden/): E.ON is a leading international energy company headquartered in Essen, Germany. Established in 2000, E.ON is dedicated to delivering… - [Entercard Secures Microservices and Meets Banking Regulations | Curity](https://curity.io/company/customers/entercard/): Entercard Group AB is one of Nordic's leading credit market companies present in Norway, Sweden, Denmark, and Finland. Entercard creates… - [Arion Banki Implements Open Banking Protection | Curity](https://curity.io/company/customers/arion-banki/): Arion Banki is an Icelandic bank with roots tracing back to 1930. The bank operates in the Greater Reykjavík area as well as in the largest… - [Curity Helped dmTECH Secure Online Sales | Curity Identity Server](https://curity.io/company/customers/dm-tech-dm-drogerie-markt/): dm-drogerie markt, a popular drugstore retailer across Europe, operates a network of over 3,800 retail outlets employing more than 66,00… - [Ziklo (Volvofinans) Bank and Curity | Curity Identity Server](https://curity.io/company/customers/volvofinans/): Volvofinans Bank, founded in 1959 and part of the larger Volvo ecosystem, is the mobility bank. By offering a wide range of financing… - [Bjorn Lunden unifies authentication and accelerates growth with Curity and Elastx | Curity Identity Server](https://curity.io/company/customers/bjorn-lunden-unifies-authentication-and-accelerates-growth-with-curity/): Bjorn Lunden is a knowledge and software company that simplifies everyday life for thousands of companies and accounting firms, who use… - [Curity Helps ATG Transition to a Microservice Architecture | Curity](https://curity.io/company/customers/atg/): ATG is the betting company that knows horse racing. The company was founded in 1974 with the mission to safeguard the long-term development… - [Nowcom Improves Login Security with Curity | Curity Identity Server](https://curity.io/company/customers/nowcom/): Nowcom is a technology company, developing technology solutions for the automotive and financial services verticals. Nowcom is one of seven… - [Curity Identity Server and Com Hem (Tele2) | Curity Identity Server](https://curity.io/company/customers/comhem-tele2/): Com Hem, now a part of Tele2, was established in 1983 and is one of Sweden's leading suppliers of TV, telephony and high-speed internet… - [Bankdata modernizes identity infrastructure with the Curity Identity Server | Curity](https://curity.io/company/customers/bankdata/): Bankdata was founded in 1966 and is today a modern IT company with 700 employees. Bankdata is owned by 9 Danish banks, who are also their… - [Maersk Customs Services Adopts Modern, Secure Architecture | Curity](https://curity.io/company/customers/maersk-customs-services/): Maersk Customs Services (formerly KGH Customs Services) is a major customs broker at the border between Norway and Sweden, and an important… - [How Curity Helped Poppulo Achieve an API-First Strategy | Curity](https://curity.io/company/customers/poppulo/): Poppulo is a global leader in employee communications technology, based in Cork, Ireland. Poppulo’s pioneering software and expert advisory… - [PagerDuty and the Curity Identity Server | Curity Identity Server](https://curity.io/company/customers/pagerduty/): PagerDuty was founded by three innovative software developers who knew what it was like to carry the pager for “always-on” cloud services… - [PayEx Establishes a Secure and Flexible IAM System | Curity Identity Server](https://curity.io/company/customers/payex/): Founded in 1972, PayEx are the Nordic region's foremost experts in invoicing, financing and payment services, employing approximately 75… - [The Curity Identity Server and Dun & Bradstreet | Curity Identity Server](https://curity.io/company/customers/bisnode/): Bisnode, a Dun & Bradstreet company, is a leading European data and analytics provider with almost 2,500 employees operating in 18 countries… - [Umbrella Associates | Curity Identity Server](https://curity.io/company/partners/umbrella-associates/): We live and love IAM consulting. As a boutique advisory and system integrator, we focus on designing secure and user-friendly strategies in… - [Futurex | Curity Identity Server](https://curity.io/company/partners/futurex/): For over 40 years, Futurex has been an award-winning leader and innovator in the encryption market, delivering uncompromising enterprise… - [Arctic Group | Curity Identity Server](https://curity.io/company/partners/arctic-group/): Arctic Group is your strategic partner for advancing your security. We help you strengthen your digital infrastructure and safeguard your… - [Loihde | Curity Identity Server](https://curity.io/company/partners/loihde/): Loihde enables business continuity. We help our customers to gain a sustainable competitive edge through data, AI and digitalisation, to… - [Savyint | Curity Identity Server](https://curity.io/company/partners/savyint/): SAVYINT is an IT security company in Sydney, Australia, with an R&D Center in Hanoi and international offices in Singapore, Dubai, Ho Chi… - [Trinsic | Curity Identity Server](https://curity.io/company/partners/trinsic/): Trinsic is the first identity acceptance network. We augment identity verification with acceptance of 60 million pre-verified users. - [TECHSERIO | Curity Identity Server](https://curity.io/company/partners/techserio/): TECHSERIO is a specialized IT consultancy with extensive experience in implementing and customizing the Curity Identity Server. Our team… - [Omegapoint | Curity Identity Server](https://curity.io/company/partners/omegapoint/): Omegapoint are leaders in cybersecure digitalization in Northern Europe. With a vision of a future where technology can be trusted, the… - [Shiftkey People AB | Curity Identity Server](https://curity.io/company/partners/shiftkey-people/): Shiftkey People is an IT consultancy company based in Sweden. We have senior consultants who are experts in enterprise & solution… - [IdentIT | Curity Identity Server](https://curity.io/company/partners/identit/): In today's digital landscape, Identity & Access Management is the cornerstone of a successful digital-first strategy. IdentIT is a trusted… - [APIsec University | Curity Identity Server](https://curity.io/company/partners/apisec-university/): APIsec University wish to provide free, high-quality education and resources on all aspects of API security that are easily accessible… - [Naoplay | Curity Identity Server](https://curity.io/company/partners/naoplay/): Naoplay is a technology integration services consulting firm that specializes in a wide range of projects, including selecting and… - [Ductus | Curity Identity Server](https://curity.io/company/partners/data-ductus/): Data Ductus is an experienced Curity partner that has been supporting organizations with their Curity solutions for many years in several… - [CASQUE | Curity Identity Server](https://curity.io/company/partners/casque/): Secure Your Digital Assets by using CASQUE integrated with Curity CASQUE Multi-factor Authentication delivers Zero Trust Access with Zero… - [Capgemini | Curity Identity Server](https://curity.io/company/partners/capgemini/): As a leading strategic partner to companies around the world, we have leveraged technology to enable business transformation for more than… - [Signicat | Curity Identity Server](https://curity.io/company/partners/signicat/): Signicat's vision is to be the preferred provider of electronic identity services to customers in regulated industries. Signicat specializes… - [Elastisys | Curity Identity Server](https://curity.io/company/partners/elastisys/): Elastisys has built a strong and cutting-edge team of DevOps experts, PhDs and Certified Kubernetes Administrators from all over the world… - [ngrok | Curity Identity Server](https://curity.io/company/partners/ngrok/): ngrok is the leading way to make any application, device, or service globally available in seconds. ngrok wraps the complexity of… - [Tyk | Curity Identity Server](https://curity.io/company/partners/tyk/): Tyk is a leading cloud native API Management Platform, powered by an Open Source API gateway, and complete with analytics, developer portal… - [Beyond Identity | Curity Identity Server](https://curity.io/company/partners/beyond-identity/): Beyond Identity provides the most secure authentication platform in the world. Breaking down barriers between cybersecurity, identity, and… - [Webtide | Curity Identity Server](https://curity.io/company/partners/webtide/): Webtide started many years ago when the idea of asynchronous servlets were in their infancy and the Jetty project created its Continuations… - [Styra | Curity Identity Server](https://curity.io/company/partners/styra/): Styra is the creator and maintainer of the open source project Open Policy Agent, OPA. With OPA you can decouple your authorization from API… - [Yubico | Curity Identity Server](https://curity.io/company/partners/yubico/): Yubico sets new global standards for simple and secure access to computers, servers, and internet accounts. The company’s core invention… - [Freja eID | Curity Identity Server](https://curity.io/company/partners/freja-eid/): Freja eID is an electronic identity ecosystem including services for both end users and relying parties in public and private sector. The… - [SoftwareONE | Curity Identity Server](https://curity.io/company/partners/software-one/): SoftwareONE is a leading global provider of end-to-end software and cloud technology solutions, headquartered in Switzerland. With… - [Pointsharp | Curity Identity Server](https://curity.io/company/partners/pointsharp/): Pointsharp is a European cybersecurity company that enable organizations to secure data, identities and access in a user friendly way… - [Pagerduty | Curity Identity Server](https://curity.io/company/partners/pagerduty/): PagerDuty, Inc. (NYSE:PD) is a leader in digital operations management. In an always-on world, organizations of all sizes trust PagerDuty to… - [Oracle | Curity Identity Server](https://curity.io/company/partners/oracle/): A cloud technology company that provides organizations around the world with computing infrastructure and software to help them innovate… - [NGINX | Curity Identity Server](https://curity.io/company/partners/nginx/): NGINX, now a part of F5, Inc., is the company behind the popular open source project, NGINX. We offer a suite of technologies for developing… - [Fujitsu | Curity Identity Server](https://curity.io/company/partners/fujitsu/): Fujitsu is the leading Japanese information and communication technology (ICT) company offering a full range of technology products… - [Duo | Curity Identity Server](https://curity.io/company/partners/duo/): Duo Security, now part of Cisco, is the leading multi-factor authentication (MFA) and Zero Trust for the Workforce provider. Duo's zero… - [Coda | Curity Identity Server](https://curity.io/company/partners/coda/): Coda helps companies accelerate their cloud-native transformation. Using its unique DevOptimized™ approach, Coda works with customers of all… - [Cockroach Labs | Curity Identity Server](https://curity.io/company/partners/cockroach-labs/): CockroachDB is a distributed SQL database—it supports transactions while also automatically replicating your data for elastic scale… - [Azul | Curity Identity Server](https://curity.io/company/partners/azul/): Azul serves companies and organizations that need to deliver server-based Java applications for their web-facing customers (travel, online… - [Atea | Curity Identity Server](https://curity.io/company/partners/atea/): Atea is the largest and leading supplier in license management in Sweden and the Nordic countries. Our organization allows us to meet all… - [Apiable | Curity Identity Server](https://curity.io/company/partners/apiable/): For organizations who put APIs first, apiable.io offers an API Portal as a Service, meaning you can get your API Products out to your… - [Applicon | Curity Identity Server](https://curity.io/company/partners/applicon/): Applicon is an IT company in the banking and finance sector. During its 23 years, the company has collaborated with several banks and… - [Criipto | Curity Identity Server](https://curity.io/company/partners/criipto/): Criipto is a Copenhagen based company enabling businesses to seamlessly and securely weave real user identity into their digital services… - [Urban Sandén | Curity Careers](https://curity.io/company/careers/urban-sanden/): Words from our team - Urban Sandén - [Suren Khatana | Curity Careers](https://curity.io/company/careers/suren-khatana/): Words from our team - Suren Khatana - [Matus Marko | Curity Careers](https://curity.io/company/careers/matus-marko/): Words from our team - Matus Marko - [Nathan Watson | Curity Careers](https://curity.io/company/careers/nathan-watson/): Words from our team - Nathan Watson - [Gary Archer | Curity Careers](https://curity.io/company/careers/gary-archer/): Words from our team - Gary Archer - [Pedro Brito | Curity Careers](https://curity.io/company/careers/pedro-brito/): Words from our team - Pedro Brito - [Judith Kahrer | Curity Careers](https://curity.io/company/careers/judith-kahrer/): Words from our team - Judith Kahrer - [Jonas Iggbom | Curity Careers](https://curity.io/company/careers/jonas-iggbom/): Words from our team - Jonas Iggbom - [Sathya Duraisamy | Curity Careers](https://curity.io/company/careers/sathya-duraisamy/): Words from our team - Sathya Duraisamy - [Nikos Anestos | Curity Careers](https://curity.io/company/careers/nikos-anestos/): Words from our team - Nikos Anestos - [Peter Hagren | Curity Careers](https://curity.io/company/careers/peter-hagren/): Words from our team - Peter Hagren - [Ambati Murali Krishna | Curity Careers](https://curity.io/company/careers/ambati-murali-krishna/): Words from our team - Ambati Murali Krishna - [When AI Agents Meet Customers: Getting Security Right | Webinars](https://curity.io/resources/webinars/when-ai-agents-meet-customers-getting-security-right/): AI agents are already handling customer interactions in production, in insurance, banking, digital commerce. The business case is… - [MCP and AI Agents: Identity Strategies for Safe API Access | Webinars](https://curity.io/resources/webinars/mcp-and-ai-agents-identity-strategies-for-safe-api-access-webinar/): AI technologies are advancing fast, bringing both new opportunities and new challenges for digital businesses. There is the potential to… - [Harden Data Security with Non-human Identities | Webinars](https://curity.io/resources/webinars/harden-data-security-with-non-human-identities/): As businesses scale and systems become more interconnected, the number of non human identities - including APIs, workload identities, IoT… - [Fast, Dynamic ... and Insecure? Rethinking Web App Security in the Modern Era | Webinars](https://curity.io/resources/webinars/rethinking-web-app-security-in-the-modern-era/): Web developers are constantly told how to build faster, more dynamic web applications. But what’s often missing is a modern view of how to… - [Scalable Access Control for APIs | Webinars](https://curity.io/resources/webinars/scalable-access-control-for-apis/): API platforms are growing, and the need to provide a scalable access control model is more important than ever. In this webinar, Curity… - [Cloud Native Data Security with OAuth - A Fireside Chat with the Authors | Webinars](https://curity.io/resources/webinars/fireside-chat-cloud-native-data-with-oauth/): Many developers think of OAuth as just a way to get access tokens - but there’s more to it than that. Join authors Gary Archer, Judith… - [Rethinking CIAM: The New Age of Customer Identity | Webinars](https://curity.io/resources/webinars/rethinking-ciam-the-new-age-of-customer-identity/): As digital customer access continues to evolve, organizations are reaching a pivotal point with how they manage and protect customer… - [Customer-Centric Security for Digital Banks | Webinars](https://curity.io/resources/webinars/customer-centric-security-for-digital-banks/): Delivering new services quickly and with forward-looking innovation requires business agility that creates unique security demands. From… - [Your Wallet, Your Rules: Decentralized Identity and Digital Wallets | Webinars](https://curity.io/resources/webinars/your-wallet-your-rules-decentralized-identity-and-digital-wallets/): Decentralized identities revolutionize the foundation of identification and authentication processes. Soon, the technologies and standards… - [Security Post-Cookie Deprecation: The Way Forward | Webinars](https://curity.io/resources/webinars/security-after-third-party-cookie-deprecation/): In the last few years, browser security has been strengthened by the introduction of same site cookies. This improves web application… - [Secure SPAs: Cookie Security with the Token Handler | Webinars](https://curity.io/resources/webinars/secure-single-page-applications-token-handler/): Single Page Applications (SPAs) offer powerful options for a modern web architecture. They ensure efficient developer experience for rapid… - [Privacy-Enabled Credentials Empower Users to Control Data Sharing | Webinars](https://curity.io/resources/webinars/privacy-enabled-credentials/): Decentralized identity is a new paradigm of internet identity. Part of the promise is that the user is given back the control over their… - [Transition to Passwordless Authentication with Passkeys | Webinars](https://curity.io/resources/webinars/passwordless-authentication-how-to-migrate-from-passwords-to-passkeys/): Using passwords for user logins has multiple problems. Passwords can be captured in phishing attacks, or even worse, in server breaches. The… - [API Keys Aren’t Enough: How to Defend Your APIs From Attacks | Webinars](https://curity.io/resources/webinars/api-keys-arent-security-how-to-protect-your-apis-from-attacks/): API keys are still a widespread method for protecting APIs. Though the name sounds secure, API keys do not offer robust security. Sensitive… - [Next Generation OAuth and OpenID Connect | Webinars](https://curity.io/resources/webinars/next-generation-oauth-openid-connect/): Security is becoming increasingly crucial for business success and growth. This puts teams under extra pressure to ensure that chosen… - [The Future of Digital Identity: Decentralized Identity and Verifiable Credentials | Webinars](https://curity.io/resources/webinars/decentralized-identity-and-verifiable-credentials/): A paradigm shift is upon us. It will put users in control of who they share their identity data with. By certifying this identity data as a… - [Getting Started with Identity and Access Management | Webinars](https://curity.io/resources/webinars/getting-started-with-identity-and-access-management/): Starting your identity and access management (IAM) journey is a challenging task. As the digital world is becoming even more complex, ad hoc… - [How to Implement Zero Trust API Security | Webinars](https://curity.io/resources/webinars/how-to-implement-zero-trust-api-security/): APIs and microservices are exposed to multiple threats, including unauthorized access and escalation of privilege. Using a Zero Trust… - [Seamless Mobile Login and Application Attestation | Webinars](https://curity.io/resources/webinars/authentication-API-seamless-mobile-login-and-application-attestation/): This webinar shows you how Curity’s hypermedia login API enables seamless API-based login from any device or browser. Creating secure… - [Browser-Less, MFA Login API for All Devices | Webinars](https://curity.io/resources/webinars/curity-identity-server-login-api/): Join this webinar to learn all about Curity's new login API which enables browser-less API-based login from any device or browser. It allows… - [Remove Bottlenecks with Curity’s DevOps Dashboard | Webinars](https://curity.io/resources/webinars/introducing-the-devops-dashboard/): In this webinar, we take a closer look at the ‘DevOps Dashboard’, introduced in Curity Identity Server 5.3. It is a Web application that… - [Managing Identities and App Security | Webinars](https://curity.io/resources/webinars/managing-identities-and-app-security-complex-it-environment/): Many large organizations face a major security challenge due to the many and varied authentication and authorization solutions deployed… - [Phishing Resistant Passwordless Authentication | Webinars](https://curity.io/resources/webinars/phishing-resistant-passwordless-authentication-curity-yubico/): Most people will use the same password across many different web apps, making their online accounts vulnerable to attack. For example, if… - [Using OAuth, OIDC, and OPA for Fine-Grained Authorization | Webinars](https://curity.io/resources/webinars/using-oauth-oids-opa-for-fine-grained-authorization/): OAuth and OpenID Connect (OIDC) are relatively mature and well-adopted standards. These work well for authentication in general and user… - [Orchestrating Secure User Login with Authentication Actions | Webinars](https://curity.io/resources/webinars/orchestrating-secure-user-login-with-authentication-actions/): Identity and access management (IAM) aims to give digital entities the right access to the right resources at the right time. One challenge… - [API Security and Authorization | Courses](https://curity.io/resources/webinars/course-api-security-and-authorization/): In this course, we give an overview of API security and authorization, look at requirements and outline some best practices to adopt. We… - [An Engineer’s Guide to Signature Algorithms and EdDSA | Webinars](https://curity.io/resources/webinars/engineers-guide-signature-algorithms-eddsa/): A Zero-Trust Architecture is a token based architecture. The security of a token based architecture is as strong as its tokens. In the end… - [The Flavors of Multi-Factor Authentication | Webinars](https://curity.io/resources/webinars/flavours-multi-factor-authentication/): Using multi-factor authentication (MFA) significantly reduces the risk of user accounts being compromised due to password theft. Today MFA… - [Deploying the Curity Identity Server | Courses](https://curity.io/resources/webinars/course-deploying-curity-identity-server/): This course is all about concepts and best practices for deploying the Curity Identity Server. It covers aspects such as the deployment… - [Hardening Single Page Application Security | Webinars](https://curity.io/resources/webinars/hardening-single-page-app-security/): When it comes to user experience and infrastructure management, Single Page Applications (SPA) are great, but securing them can be difficult… - [Building an Identity Architecture | Courses](https://curity.io/resources/webinars/course-building-identity-architecture/): This online four-part course is focused on best practices to build a centralized and modular identity architecture based on open standards… - [Curity Identity Server Demo | Webinars](https://curity.io/resources/webinars/demo-curity-identity-server/): In this demo, we give you a comprehensive overview of the Curity Identity Server. What it is and what problems it helps you solve. Bringing… - [Financial-Grade APIs Now and in the Future | Webinars](https://curity.io/resources/webinars/financial-grade-apis-now-and-in-the-future/): Open banking continues to be a topic of interest in financial services across the globe. Organizations need to adapt to regulatory and… - [Introduction to OAuth & OpenID Connect | Webinars](https://curity.io/resources/webinars/introduction-to-oauth-openid-connect/): APIs are used in virtually any modern digital services today, and OAuth 2 and OpenID Connect are the standards for secure APIs, the Internet… - [Adaptive Authentication in OAuth Using Geo-location Data | Webinars](https://curity.io/resources/webinars/adaptive-authentication-in-oauth-using-geo-location-data/): In order to provide a safe login experience, more adaptive login methods are often needed. Applications integrated with the Curity Identity… - [Financial Grade APIs Using OAuth & OpenID Connect | Webinars](https://curity.io/resources/webinars/financial-grade-apis-with-oauth-and-oidc/): Financial-grade security is important not only for the financial sector. This level of security is also necessary for other industries, such… - [Raising and reacting to alarms with the Curity Identity Server | Webinars](https://curity.io/resources/webinars/raising-and-reacting-to-alarms-with-the-curity-identity-server/): Quickly identifying issues is key to minimize impact. The 5.2 version of the Curity Identity Server includes a powerful system monitor, and… - [OpenID Connect in Detail | Courses](https://curity.io/resources/webinars/course-openid-connect-in-detail/): In this 4 part online course you will get a comprehensive understanding of OpenID Connect. You will learn about important aspects of OpenID… - [JWT Security Best Practices | Courses](https://curity.io/resources/webinars/course-jwt-security-best-practice/): In this 1 part online course we outline some best practices for using JWTs, so that you can maintain a high level of security in your… - [Getting Started with OAuth and OpenID Connect | Courses](https://curity.io/resources/webinars/course-getting-started-with-oauth-and-openid-connect/): In this 8 part online course you will get a comprehensive introduction to OAuth and OpenID Connect to help you get started with implementing… - [Hypermedia Authentication API - Mobile Attestation on iOS | Webinars](https://curity.io/resources/webinars/haapi-mobile-attestation-on-ios/): In this webinar, we focus on the attestation of iOS clients which is supported in the latest release of the Curity Identity Server. These… - [Secure eID Access to Cloud Platforms | Webinars](https://curity.io/resources/webinars/secure-eid-access-to-cloud-platforms/): In this webinar Signicat and Curity explore how you can achieve secure and easy eID authentication to cloud platforms. With increased… - [Understanding CIBA - What it is and how it works | Webinars](https://curity.io/resources/webinars/understanding-ciba-what-is-it-and-how-does-it-work/): Allowing app users to smoothly and securely authenticate has long been a challenge. A standards-based way to address this is to use Client… - [App2App Login with Authentication Workflows | Webinars](https://curity.io/resources/webinars/app2app-authentication-workflows/): PSD2 and the Financial-grade API (FAPI) from the OpenID Foundation have helped popularize mobile app authenticator flows. Common patterns… - [Guarding privacy and security using API Gateways | Webinars](https://curity.io/resources/webinars/guarding-privacy-and-security-using-api-gateways/): In this webinar NGINX and Curity explore ways to elevate privacy and security using API Gateways. In today’s world, APIs are ubiquitous… - [Identity: The Kill Switch For API-Driven Digital Sovereignty - Curity at Platform Summit 2025 | Videos](https://curity.io/resources/videos/identity-kill-switch-for-api-driven-digital-sovereignty/): A session by Curity’s Daniel Lindau on how identity acts as a kill switch in API-first systems, the risks of relying on external IAM and gateways, and how open standards and wallet-based identities support digital sovereignty. - [Ghosts, Zombies, and Robots: Handing Off Control to the Non-Humans - Curity at Platform Summit 2025 | Videos](https://curity.io/resources/videos/ghosts-zombies-and-robots-handing-off-control-to-the-non-humans/): A talk by Jacob Ideskog on emerging API security challenges as AI clients, smart recipients, and short-lived workloads reshape the landscape. Learn how OAuth can protect privacy, reduce risk, and restore control in a fast-moving, non-human internet. - [How to Design Secure MCP Deployments - Curity at Platform Summit 2025 | Videos](https://curity.io/resources/videos/how-to-design-secure-mcp-deployments-platform-summit-2025/): A talk by Curity’s Gary Archer on managing MCP authorization within modern API architecture. Learn how an authorization-first design works, key threats and mitigations for MCP clients, and how to enable secure, high-value API access for AI agents. - [MCP Client — Just Another OAuth Client? - Curity at Platform Summit 2025 | Videos](https://curity.io/resources/videos/mcp-client-just-another-oauth-client/): A talk by Curity’s Michal Trojanowski on how authorization works in the Model Context Protocol, how it differs from securing APIs, when OAuth features like consent and refresh tokens matter, and whether an MCP gateway is needed for strong protection. - [Panel Discussion: API Security in the Age of AI - Platform Summit 2025 | Videos](https://curity.io/resources/videos/api-security-in-the-age-of-ai-discussion/): A keynote panel with experts from Apple, Nordic APIs, Curity, Semgrep, and Axiomatics on securing APIs against AI-driven abuse. Learn the guardrails, standards, and strategies needed as AI agents and new protocols enable autonomous API access. - [A Decade of Identity Innovation: Curity at 10 | Videos](https://curity.io/resources/videos/a-decade-of-identity-innovation/): Curity turns 10. We sat down with one of the founders - Curity CTO Jacob Ideskog - to reflect on the journey so far and what lies ahead. - [Why Are We Talking about Decentralized Identity Now? | Curity | Videos](https://curity.io/resources/videos/why-talk-about-decentralized-identity-now/): Why is decentralized identity gaining momentum now and why the old identity system that we have been using is on the way out? - [How Do Decentralized Identifiers Relate to API Security? | Curity | Videos](https://curity.io/resources/videos/how-do-decentralized-identifiers-relate-to-api-security/): How do decentralized identifiers relate to API security - and how the paradigm shift will change the process of API building - [What Are the Benefits of Decentralized Identity for Organizations? | Curity | Videos](https://curity.io/resources/videos/what-are-the-benefits-of-decentralized-identity-for-organizations/): How does the decentralized identity model benefit businesses in terms of user experience, mitigating risks, and compliance to standards? - [How Do Decentralized Identifiers and Verifiable Credentials Work? | Videos](https://curity.io/resources/videos/how-do-decentralized-identifiers-and-verifiable-credentials-work/): How do decentralized identifiers (DIDs) and verifiable credentials (VC) work and how a decentralized identity system is different from a federated model? - [Do Decentralized Identifiers Require a Blockchain? | Curity | Videos](https://curity.io/resources/videos/do-decentralized-identifiers-require-blockchain/): Blockchain is great but is it necessary to use it when implementing decentralized identity? - [What Are Decentralized Identifiers and Verifiable Credentials? | Curity | Videos](https://curity.io/resources/videos/what-are-decentralized-identifiers-and-verifiable-credentials/): Learn how decentralized identifiers and verifiable credentials empower users to control their data within a decentralized identity framework. - [How Will Decentralized Identity Impact the Digital Identity Space? | Curity | Videos](https://curity.io/resources/videos/shift-to-decentralized-identity-affect-digital-identity-space/): Explore the shift to decentralized digital identity and what it means for the future. - [What is Decentralized Identity? | Curity | Videos](https://curity.io/resources/videos/what-is-decentralized-identity/): Discover what decentralized identity is and how it helps organizations protect user data while giving users more control over their digital identities. - [The Business Benefits of Strong AI Identity Foundations | Curity | Videos](https://curity.io/resources/videos/identity-in-ai-building-security-that-enables-growth/): Strong identity foundations bring clarity and efficiency to AI systems. Discover how secure design accelerates development and drives business value. - [Curity’s Approach to AI Identity and Access Security | Curity | Videos](https://curity.io/resources/videos/extending-proven-api-security-principles-to-ai/): Curity extends proven API security principles to AI systems. Token-based architecture and layered protection ensure secure, flexible access control. - [AI Agents and New Security Challenges | Curity | Videos](https://curity.io/resources/videos/identity-and-security-challenges-ai-agents/): AI agents can adapt and make independent choices, introducing new security risks. Learn how to keep access appropriate and prevent misuse. - [AI Agents and Dynamic Access Control | Curity | Videos](https://curity.io/resources/videos/ai-agents-explained-dynamic-access-control-and-human-oversight/): AI agents work in changing contexts. Discover why consent and approval must evolve to maintain trust and security throughout an agent’s lifecycle. - [Securing MCP APIs for AI Systems | Curity | Videos](https://curity.io/resources/videos/mcp-explained-building-trust-between-ai-and-apis/): An MCP API helps AI systems interact securely with applications. Explore how token-based design and access control keep them safe and adaptable. - [Why Identity Matters in AI Security | Curity | Videos](https://curity.io/resources/videos/why-identity-is-central-to-securing-ai-systems/): Every system needs a clear identity. See why understanding who or what acts within AI systems is key to maintaining control and accountability. - [How AI Is Changing the Security Landscape | Curity | Videos](https://curity.io/resources/videos/how-ai-is-transforming-the-security-landscape/): AI introduces new security challenges around trust and access. Learn why delegating access to AI systems requires new thinking and how to manage control effectively. - [Using Claims in OAuth and How They Relate to Scopes | Videos](https://curity.io/resources/videos/oauth-claims-ontology/): Learn what claims are in OAuth as Travis Spencer explains their role, usage, and how they fit into OAuth flows and system actors. - [Curity Identity Server: Community Edition | Videos](https://curity.io/resources/videos/curity-identity-server-community-edition/): Explore the Curity Identity Server Community Edition—free to use, easy to set up, and packed with OAuth and OIDC features for developers. - [Best Practices for Access Token Claims in APIs | Videos](https://curity.io/resources/videos/claims-best-practices/): Learn how to return custom claims from an API endpoint and include them in access tokens, following claims best practices for scalable, secure API authorization. - [How to Configure an OAuth Client in the Curity Identity Server | Videos](https://curity.io/resources/videos/configure-oauth-client/): Create and configure an OAuth client in Curity Identity Server using the Admin UI—including setting client ID, flows, redirect URIs, scopes, and testing tools. - [How to Install Curity's Community Edition using Docker | Videos | Videos](https://curity.io/resources/videos/curity-identity-server-community-edition-demo/): Learn how to easily install the free Curity Identity Server Community Edition using Docker in this step-by-step video guide. - [A Tale of Truths In a Microservice Architecture | Videos](https://curity.io/resources/videos/tale-of-truths-in-a-microservice-architecture/): Jacob Ideskog explains claims and the foundations of trust in large-scale API infrastructures—why it matters, and how to get it right. - [WebAuthn and Hypermedia Authentication API | Videos](https://curity.io/resources/videos/mobile-login-with-webauthn-and-haapi-on-ios/): iOS now supports native WebAuthn and passkeys, enabling seamless in-app authentication with Curity’s Hypermedia API. Watch the demo. - [An Introduction to the Curity Identity Server | Videos](https://curity.io/resources/videos/intro-to-curity-identity-server/): A short demo showcasing how the Curity Identity Server brings Identity and API security together. - [Open Banking and Financial-Grade Security with Curity | Videos](https://curity.io/resources/videos/curity-open-banking-financial-grade-security/): Explore how Curity enables secure, compliant open banking APIs with financial-grade identity and access management. - [Test Different OAuth Flows Using OAuth Tools | Video | Videos](https://curity.io/resources/videos/test-using-oauth-tools/): Learn and explore OAuth and OpenID Connect flows with OAuth tools. - [Protecting Healthcare with Curity's CIAM Solution | Video | Videos](https://curity.io/resources/videos/protecting-healthcare/): Enhance patient care with a secure, flexible CIAM solution that seamlessly fits into your current healthcare systems. - [Military-Grade Security for APIs | Curity | Videos](https://curity.io/resources/videos/military-grade-security-for-apis/): Learn how to secure sensitive APIs using OAuth/OIDC extensions like PAR, JARM, and mTLS in this technical talk from the 2023 Platform Summit. - [Decentralized Identities Changes Everything, Even Your APIs | Curity | Videos](https://curity.io/resources/videos/decentralized-identities-changes-everything-even-your-apis/): Jacob Ideskog explores how decentralized identity is changing access control and what it means for securing APIs in a world without centralized user accounts. - [Curity Token Handler for Single Page Applications Security | Curity | Videos](https://curity.io/resources/videos/token-handler-spa-security-video/): The Curity Token Handler is a Backend for Frontend (BFF) authentication solution that addresses browser-based authentication security concerns. - [Addressing Top API Security Risks | Curity | Videos](https://curity.io/resources/videos/addressing-top-api-security-risks/): Learn how using OAuth can address top API security risks like broken object level authorization and broken authentication, improving overall protection. - [Browserless OAuth Flows in Mobile Apps Using a Hypermedia API | Curity | Videos](https://curity.io/resources/videos/browserless-oauth-flows-in-mobile-apps-using-a-hypermedia-api/): Learn how to enable seamless, secure, browserless logins on any device using OAuth and hypermedia APIs for a smoother, customizable user experience. - [Improve the Security of Your Tech and SaaS Applications | Curity | Videos](https://curity.io/resources/videos/curity-technology-solutions/): A short demo showing how you can improve the security of your tech and SaaS applications with the Curity Identity Server. - [How Single Page Applications Weakened Security and How to Fix It | Curity | Videos](https://curity.io/resources/videos/how-to-build-a-fortress-with-the-security-of-a-tent/): Curity's Jacob Ideskog explores how single page applications impact security and how using the right tools can restore strong API protection. - [Who Needs That FAPI Thing, Anyway? | Curity | Videos](https://curity.io/resources/videos/who-needs-that-fapi-thing-anyway/): What is the FAPI security profile, who needs it, and how do enhancements introduced in the profile allow it to address OAuth apps vulnerabilities? - [Panel Discussion: Tackling API Authorization & Access Risks | Curity | Videos](https://curity.io/resources/videos/api-authorization-panel-discussion/): Experts discuss API authorization risks, identity control, and access management at the Nordic APIs 2024 Platform Summit. - [CIAM for Government Solutions | Curity | Videos](https://curity.io/resources/videos/curity-government-solutions/): Learn how our CIAM solution can help government agencies improve security, compliance, and user experience. - [Cooking up a Secure API in Minutes – Instructions Included | Curity | Videos](https://curity.io/resources/videos/cooking-up-secure-apis-in-minutes/): Learn how to secure your APIs with API gateways, an OAuth authorization server and fine-grained authorization. - [Say Goodbye to the Browser—OAuth With Passkeys in Native Apps | Curity | Videos](https://curity.io/resources/videos/ditch-the-browser-native-api-driven-app-authentication-with-passkeys/): Improve login experiences with a seamless, browserless OAuth flow using a hypermedia authentication API, as shown by Jonas Iggbom. - [Master OAuth With Mods and Combos for Cloud-Native Security | Curity | Videos](https://curity.io/resources/videos/oauth-well-played-mods-and-combos-for-the-cloud-native-api-security-game/): How to implement zero-trust in a modern way and craft a security architecture for APIs that utilizes common cloud native technologies. - [Verifiable Credentials & OAuth: Show Your Wallet to Prove Identity | Curity | Videos](https://curity.io/resources/videos/show-me-your-wallet-using-verifiable-credentials-with-oauth/): Learn about roles in a decentralized identity system and how OAuth enables self-sovereign identities. - [Opt-In Multi-Factor Authentication Action Video | Curity | Videos](https://curity.io/resources/videos/opt-in-mfa-action-video/): Configure opt-in multi-factor authentication and let users manage extra factors in the Curity Identity Server. - [API Authentication and Authorization | Videos](https://curity.io/resources/videos/curity-opa-kong-fo-api-authentication-and-authorization/): This tutorial shows how you can create a very comprehensive solution using the Curity Identity Server, Open Policy Agent (OPA), and Kong to… - [2-Factor and Step-up Authentication | Videos](https://curity.io/resources/videos/2fa-step-up/): In this video, we will take a look at how to configure the Curity Identity Server for step-up authentication using 2-factor. We demonstrate… - [Modernizing Infrastructure | Videos](https://curity.io/resources/videos/modernizing-infrastructure/): Establish a scalable infrastructure that handles market demand changes, is easy to integrate, and ensures long-term security. - [Custom Claim Data Source | Videos](https://curity.io/resources/videos/custom-claim-data-source/): In this video we show how to configure a Custom Claim Data Source in the Curity Identity Server. - [Curity Identity Server Demo | Videos](https://curity.io/resources/videos/demo-curity-identity-server/): In this demo, we give you an overview of the Curity Identity Server. What it is and what problems it helps you solve. Bringing identity and… - [Integrating the Curity Identity Server with AWS API Gateway | Videos](https://curity.io/resources/videos/integrating-curity-with-aws-api-gateway/): In this video we show how how to configure the Curity Identity Server to integrate with AWS API Gateway using the Split token approach. Also… - [The Token Handler Pattern: OpenID Connect for Single Page Apps | Videos](https://curity.io/resources/videos/token-handler-backend-for-frontend-video/): The latest best practices for implementing OpenID Connect in Single Page Applications (SPA) with the Token Handler design pattern. - [Secure Frictionless Authentication with the Curity Identity Server | Videos](https://curity.io/resources/videos/secure-frictionless-authentication/): There is no need to choose between high-level security and a good user experience if smooth, frictionless authentication methods are used… - [Entrust IDaaS Integration | Videos](https://curity.io/resources/videos/entrust-idaas-integration-demo/): Learn about the Entrust IDaaS integration available in the Curity Identity Server. - [Using the Curity Identity Server as an IdP in Entrust IDaaS | Videos](https://curity.io/resources/videos/curity-idp-entrust-idaas/): Learn how to use the Curity Identity Server as an IdP in Entrust IDaaS. - [Token Designer Overview | Videos](https://curity.io/resources/videos/token-designer-overview/): Learn how to use the Token Designer to easily create mapping of scopes to claims. - [Token Designer Overview: Working with Claims | Videos](https://curity.io/resources/videos/token-designer-overview-working-with-claims/): Learn how to configure claim value providers to ensure the Curity Identity Server assigns values to claims when issuing tokens. - [The Lodging Intent Pattern | Videos](https://curity.io/resources/videos/lodging-intent-pattern/): Learn about the Lodging Intent Pattern and how to implement it using the Curity Identity Server. - [Create a Common Identity Platform | Videos](https://curity.io/resources/videos/common-identity-platform/): Create a common identity platform and enable consistent, secure authentication experiences for end users and provide access security to… - [Developing a Plugin Part 1 | Videos](https://curity.io/resources/videos/developing-a-plugin-part1/): How to get started developing a plugin for the Curity Identity Server using the Curity Plugin SDK. In this recording we cover how to… - [Developing a Plugin Part 2 | Videos](https://curity.io/resources/videos/developing-a-plugin-part-2/): In Part 1, we covered the basics of developing a plugin. In this recording, some more advanced topics are covered, such as implementing a… - [Integrating the Curity Identity Server with PagerDuty | Videos](https://curity.io/resources/videos/integrate-curity-with-pagerduty/): The Curity Identity Server comes with a fully supported integration with PagerDuty. It is easily configured and works out of the box. - [Financial Grade APIs Using OAuth and OpenID Connect | Videos](https://curity.io/resources/videos/financial-grade-apis-using-oauth-and-openid-connect/): Financial grade level of security is important not only for the financial sector. This level of security is also necessary for other… - [App2App Logins using the Curity Identity Server | Videos](https://curity.io/resources/videos/app2app-logins-video/): In this video, we show how to get mobile app2app logins working using the Curity Identity Server. - [Browser-less mobile login in iOS using the Authentication API | Videos](https://curity.io/resources/videos/browserless-mobile-login-ios/): A demo showing how you can create an OAuth flow directly from your iOS app using Curity’s hypermedia authentication API. We complete the… - [OAuth and OpenID Connect for PSD2 and Third-Party Access | Videos](https://curity.io/resources/videos/oauth-and-openid-connect-for-psd2-and-third-party-access/): In this talk from the 2018 Platform Summit, Curity identity specialist Daniel Lindau talks about PSD2 and how you can use OAuth and OpenID… - [Browser-less mobile login using the authentication API | Videos](https://curity.io/resources/videos/browserless-mobile-login-with-authentication-api/): A demo showing how you can create an OAuth flow directly from your android app without the need for an intermediary whilst still maintaining… - [Dynamic User Routing in a Global IAM System | Videos](https://curity.io/resources/videos/dynamic-user-routing-in-global-iam-system/): This demo shows how to manage user data and reliability in a global identity and access management system using dynamic user routing. - [OAuth Device Flow | Videos](https://curity.io/resources/videos/device-flow/): The device flow is excellent for dealing with scenarios where an app runs on a device that doesn't have great input capabilities. Instead… - [OAuth and OpenID Connect - What's next? | Videos](https://curity.io/resources/videos/oauth-and-oidc-what-is-next/): It’s been almost a decade since the inception of OAuth and OpenID Connect. A lot has happened since, both in the standards and with the use… - [Dynamic Client Registration | Videos](https://curity.io/resources/videos/dynamic-client-registration/): In this video, we show how to setup Dynamic Client Registration (DCR) in the Curity Identity Server. The configuration is demonstrated in… - [Installing the Curity Identity Server | Videos](https://curity.io/resources/videos/installing-curity-identity-server/): This tutorial walks through the basic steps of installing Curity and how to load the example configuration and license. - [Account Linking with Facebook | Videos](https://curity.io/resources/videos/account-linking-with-facebook/): In this tutorial we show how to achieve account linking with Facebook. This is an example and the same method can be applied to any other… - [Debug Authentication Action | Videos](https://curity.io/resources/videos/debug-action/): In this recording we take a look at the debug action. It is a handy way getting information and debug information out in the authentication… - [Introduction to the Command Line Interface (CLI) | Videos](https://curity.io/resources/videos/cli-introduction/): This tutorial walks through the basics of using the Curity Command Line Interface (CLI). It shows the different modes, and the basic… - [Introduction to the RESTCONF Admin API | Videos](https://curity.io/resources/videos/introduction-to-RESTCONF-admin.api/): A look at what we can do with the RESTCONF Admin that the Curity Identity Server exposes. - [Working with configuration in the Curity CLI | Videos](https://curity.io/resources/videos/working-with-configuration-in-the-curity-cli/): A look at some of the more advanced features of the Curity CLI. - [Parameterized configuration | Videos](https://curity.io/resources/videos/parameterized-configuration/): In this demo we show how you can use parameters in a Curity config file that is loaded at start up. - [Custom Token Mapping | Videos](https://curity.io/resources/videos/custom-token-mapping/): This video shows how to use custom mapping together with downscoped tokens, it is useful when passing tokens between APIs or when calling… - [Integrating Curity Identity Server with Apigee Edge | Videos](https://curity.io/resources/videos/curity-and-apigee-edge-integration/): In this video we will review what an integration of the Curity Identity Server with Apigee Edge looks like. - [Claims Consentor Demo | Videos](https://curity.io/resources/videos/claims-consentor-demo/): This video explains how to use the Curity Identity Server to digitally sign an OAuth authorization request that includes dynamic scope… - [REST API Overview with Integration of CLI & UI | Videos](https://curity.io/resources/videos/rest-api-overview/): See how to use the REST admin API together with the Web UI and CLI to automate all OAuth, OpenID Connect, SCIM and authentication related… - [Using Custom Token Issuers in the Curity Identity Server | Videos](https://curity.io/resources/videos/using-custom-token-issuers-in-the-curity-identity-server/): This video shows how to use custom token issuers and client properties to customize the behaviour of the token issuance. It involves the… - [Using Additional Factors in the Curity Identity Server | Videos](https://curity.io/resources/videos/using-additional-factors-in-the-curity-identity-server/): This video demonstrates how to configure the Curity Identity Server with conditional authentication factors that are selected based on… - [Duo Login and Registration | Videos](https://curity.io/resources/videos/duo-login-and-registration/): In this video we show how to configure the Duo authenticator, new in Curity Identity Server 5.1. It allows users to login using OTP sent via… - [Salesforce Claims Provider | Videos](https://curity.io/resources/videos/salesforce-claims-provider/): In this video we show how to configure a Claims Provider for Salesforce. It will fetch attributes from Salesforce and add those as claim… - [Overview of Authentication | Videos](https://curity.io/resources/videos/overview-of-authentication/): In this video, we give an overview of authentication in the Curity Identity Server. We explain how to create a BankID authenticator and the… - [Curity on ProgrammableWeb's Developers Rock Podcast | Videos](https://curity.io/resources/videos/curity-on-programmableweb-developers-rock-podcast/): Curity's CEO Travis Spencer recently sat down with David Berlind, Editor in Chief of ProgrammableWeb. They discussed API security… - [Scalable API Security Using OAuth | Videos](https://curity.io/resources/videos/scalable-api-security-using-oauth/): Distributed systems bring with them complexities surrounding identity. How should identity be traced and delegated throughout the cloud? How… - [Securing APIs and Microservices with OAuth and OpenID Connect | Videos](https://curity.io/resources/videos/securing-apis-and-microservices-with-oauth-and-openid-connect/): Microservices present a new way of scaling API deployments, where each component is an island, performing a small but well defined task… - [Security Is a Concern, Let’s Make It an Enabler | Videos](https://curity.io/resources/videos/security-is-a-concern-lets-make-it-an-enabler/): As projects move quicker, get more distributed and have less time, security is a growing concern. How can you transform security from being… - [Securing APIs in a Cloud Native Environment Using OAuth | Videos](https://curity.io/resources/videos/securing-apis-in-a-cloud-native-environment-using-oauth/): In this talk Daniel will explore the world beyond microservices and illustrate how to securely distribute identity information in a world of… - [Claims Mapper | Videos](https://curity.io/resources/videos/claims-mapper/): In this recording we take a look at how to configure claims mapper in the Curity Identity Server in order to map different claims into… - [OAuth Tokens As Your Identity API | Videos](https://curity.io/resources/videos/oauth-tokens-as-your-identity-api/): You have an OAuth server, now what? In this talk, Curity's Jacob Ideskog illustrates how OAuth and OpenID Connect can be leveraged to… - [WebAuthn Authenticator with NFC YubiKey on iPhone | Videos](https://curity.io/resources/videos/webauthn-authenticator-with-yubikey-on-iphone/): A demo of how you can configure and use the Curity WebAuthn Authenticator plugin with a YubiKey. The demo showcases a simple web application… - [How Agentic AI and Non-Human Identities Are Transforming B2B CIAM | Documents](https://curity.io/resources/documents/b2b-ciam-in-the-era-of-agentic-ai-and-nhi/): This whitepaper examines some of the characteristics of non-human identities and use cases that must be treated by B2B CIAM solutions, - [AI Agent Security Best Practices | Free Ebook by Curity | Documents](https://curity.io/resources/documents/ai-agent-security-best-practices-ebook/): Learn how to secure AI agents using OAuth 2.0 and modern identity standards. This free ebook from Curity covers delegated access, trust domains, client onboarding and browserless authentication for agentic systems - [Gartner® Report: Innovation Insight for Customer and Partner Identity and Access Management | Curity | Documents](https://curity.io/resources/documents/gartner-report-innovation-insight-for-customer-and-partner-identity-and-access-management/): Get complimentary access to the Gartner® Report: Innovation Insight for Customer and Partner Identity and Access Management - [Link Index™ for Customer Authentication | Documents](https://curity.io/resources/documents/liminal-link-index-customer-authentication/): Curity is recognized as a top vendor in the Link Index™ for Customer Authentication by Liminal - [SPA - Single Page Application Security | Documents](https://curity.io/resources/documents/single-page-application-security-whitepaper/): Modern techniques for securing Single Page Applications - [Hypermedia Authentication API Security in Detail | Documents](https://curity.io/resources/documents/hypermedia-authentication-api-security-in-detail-whitepaper/): The security of the hypermedia authentication API available in the Curity Identity Server - [Plotting the Roadmap for Digital Identity | Documents](https://curity.io/resources/documents/report-plotting-the-roadmap-for-digital-identity/): Can evolving identity technology match expectations of users, consumers, and citizens? - [API Security eBook | How to Secure Your APIs | Curity | Documents](https://curity.io/resources/documents/api-security-ebook/): Download this eBook to learn about the most important aspects of API Security. - [Leadership Compass Access Management | Documents](https://curity.io/resources/documents/kuppingercole-report-leadership-compass-access-management/): KuppingerCole’s Leadership Compass provides an overview of the market for access management solutions. - [Leadership Compass API Security and Management | Documents](https://curity.io/resources/documents/kuppingercole-report-leadership-compass/): KuppingerCole’s Leadership Compass provides an overview of the market for API management and security solutions. - [Facilitating the Future of Open Finance | Documents](https://curity.io/resources/documents/facilitating-the-future-of-open-finance/): Curity surveyed 200 global financial institutions to better understand the landscape of Open Finance and the adoption rates of Open Banking. - [Financial Grade APIs Using OAuth and OpenID Connect | Documents](https://curity.io/resources/documents/financial-grade-apis-using-oauth/): How OAuth and OpenID Connect can be used to conform to open banking regulations, PSD2 and GDPR. - [OAuth Explained - A Deep Dive into the Security Standard | Documents](https://curity.io/resources/documents/oauth-explained-whitepaper/): An in-depth explanation of the main aspects of OAuth and OpenID Connect and how to use them to secure your APIs. - [Modernizing Legacy IAM Systems | Documents](https://curity.io/resources/documents/kuppinger-cole-modernizing-legacy-iam-systems/): In this whitepaper, KuppingerCole assesses the necessities for modernizing legacy IAM systems and how Curity aligns with them. - [Curity Product Sheet | Documents](https://curity.io/resources/documents/datasheet/): Learn more about the Curity Identity Server and how it can help secure your apps and APIs in this printable PDF. - [Session Management Techniques | Documents](https://curity.io/resources/documents/session-management-in-curity-identity-server/): In this Solution Brief we outline different session management scenarios and solutions you can implement in the Curity Identity Server. - [The Neo-Security Architecture | Documents](https://curity.io/resources/documents/neo-security-architecture-whitepaper/): A blueprint for securing and asserting legitimate access to APIs and digital services. - [OAuth and API Gateways | Documents](https://curity.io/resources/documents/oauth-and-api-gateways-whitepaper/): How to properly use an API Gateway when securing APIs using OAuth - [API Security Checklist | A Guide to Protect Your APIs | Documents](https://curity.io/resources/documents/api-security-checklist/): A guide to protecting your APIs. This checklist covers API security best practices, to help you reduce the threat of cyberattacks and secure your business. - [Identity and APIs eBook | How to Secure Your APIs | Curity | Documents](https://curity.io/resources/documents/ebook-identity-and-apis/): Learn about securing APIs and microservices, managing identities and access, and utilizing standards like OAuth 2, OpenID Connect and SCIM. - [Executive View of Curity | Documents](https://curity.io/resources/documents/kuppinger-cole-executive-view/): This Kuppinger Cole Report gives an impartial overview of the strengths and challenges of the Curity Identity Server - [Latest updates from Curity | News](https://curity.io/news/): Latest updates from Curity - [Curity Launches Access Intelligence - Real-Time Authorization for Enterprise AI Agents | News](https://curity.io/news/curity-announces-access-intelligence/): We're excited to announce Access Intelligence — real-time authorization that gives enterprises full control over every AI agent action… - [Join Curity, Nordic APIs and Akamai in Stockholm to explore how to secure APIs in the age of AI-driven interactions and agent-based access. | News](https://curity.io/news/curity-ai-and-api-security-dinner/): Join us in Stockholm on May 7 for an evening of discussion on API security in the age of AI - [Curity Identity Server 11.1 Release | Enhancements to Ephemeral Clients and Platform Improvements | News](https://curity.io/news/curity-identity-server-11-1/): Learn what's new in the latest version of the Curity Identity Server. - [Monica Enand Appointed Chair of the Board at Curity | News](https://curity.io/news/monica-enand-appointed-chair-of-board-curity/): Former Auth0 chair and Zapproved founder joins the board as Curity enters the next phase of growth. - [Curity Identity Server 11.0 Released: Ephemeral clients with support for CIMD specification, managed database schemas, SCIM groups, new UI kit | News](https://curity.io/news/curity-identity-server-11-0/): Learn what's new in the latest version of the Curity Identity Server. - [Curity at Gartner Identity & Access Management Summit London 2026 | API Security and AI Agents | News](https://curity.io/news/curity-gartner-iam-summit-2026-london/): Curity is an exhibitor at the upcoming Gartner 2026 Identity and Access Management Summit in London. Hope to see you there! - [Meet Curity at AI & Big Data Expo 2026 in London | News](https://curity.io/news/curity-at-ai-big-data-expo-2026/): Curity is heading to AI & Big Data Expo London on February 4-5. Stop by our booth to see how strong identity becomes a competitive advantage… - [Curity Identity Server 10.7 Released | News](https://curity.io/news/curity-identity-server-10-7/): Learn what's new in the latest version of the Curity Identity Server. - [Meet Curity at Gartner Identity & Access Management Summit 2025 in Grapevine, Texas | News](https://curity.io/news/curity-gartner-iam-summit-2025-usa/): Curity is an exhibitor at the upcoming Gartner 2025 Identity and Access Management Summit in Grapevine, Texas. Hope to see you there! - [Meet Curity at Digital Finance Summit 2025 in Brussels | News](https://curity.io/news/digital-finance-summit-2025/): Curity is heading to Digital Finance Summit 2025. Don’t miss Sutton Maxwell’s talk on building customer trust in an AI-driven world and meet… - [Curity Identity Server 10.6 Released | News](https://curity.io/news/curity-identity-server-10-6/): Learn what's new in the latest version of the Curity Identity Server. - [Curity to Explore Identity Strategies for Securing MCP and AI Agent API Access at Live Webinar | News](https://curity.io/news/securing-mcp-and-ai-agents-webinar/): Join our live webinar on December 4 to explore how to secure API access as AI technologies and the Model Context Protocol (MCP) reshape… - [Curity at Future Identity Festival 2025 – Securing AI Agents with Identity-First API Security | News](https://curity.io/news/curity-future-identity-festival/): Meet Curity at the Future Identity Festival in London. Visit us in Stand 13 and join Gary Archer’s session on how identity-centric… - [Join the Curity webinar with KuppingerCole and If P&C to learn how IAM transforms APIs into secure, developer-friendly business products that drive growth and innovation. | News](https://curity.io/news/curity-if-kuppingercole-webinar-api-product/): On November 13, Curity, KuppingerCole and If P&C Insurance will explore how to transform APIs into secure, scalable business products… - [Curity at Naoplay’s APItime Webinar: Orchestrate Identity Without Exposing Your APIs | News](https://curity.io/news/curity-naoplay-apitime-webinar/): Curity's Eric Geens joins Naoplay’s APItime webinar series to discuss CIAM, user orchestration and phantom tokens. - [Curity Welcomes Johanna Alvemur as a new CHRO and Sutton Maxwell as a CRO | News](https://curity.io/news/curity-welcomes-johanna-alvemur-and-sutton-maxwell/): Curity is strengthening its leadership team with two key hires to support our next phase of growth. - [Curity Identity Server 10.5 Released | News](https://curity.io/news/curity-identity-server-10-5/): Learn what's new in the latest release of the Curity Identity Server. - [Curity joins Nordic FinTech Week 2025 in Copenhagen | News](https://curity.io/news/nfw-2025/): Curity is a proud partner of Nordic FinTech Week 2025, taking place September 24–25 in Copenhagen. - [Curity and Loihde Join Forces to Deliver Complete CIAM Solutions in Finland | News](https://curity.io/news/curity-and-loihde-join-forces/): Curity and Loihde have formed a strategic partnership to deliver secure, scalable CIAM solutions with local expertise and Finnish-language… - [Curity and Savyint Partner to Advance Identity and API Security for Open Banking in APAC | News](https://curity.io/news/curity-savyint-partner-identity-api-security-apac/): Curity and Saviynt partner to enhance identity, authentication and API security for Open Banking across Vietnam and the APAC region. - [Curity Identity Server 10.4 Released | News](https://curity.io/news/curity-identity-server-10-4/): Learn what's new in the latest release of the Curity Identity Server, introducing significant enhancements to user experience and enterprise… - [Curity Joins KuppingerCole for a Webinar on AI for B2B IAM | News](https://curity.io/news/curity-joins-kuppingercole-webinar-ai-for-b2b-iam/): Curity's Jacob Ideskog joins KuppingerCole for a webinar to explore how AI streamlines onboarding, strengthens policy enforcement, and… - [Curity Joining Nordic APIs LiveCast on Mitigating Security Gaps in MCP Ecosystems | News](https://curity.io/news/livecast-mcp-security/): Curity’s Gary Archer joins the Nordic APIs LiveCast MCP Security on August 13 to explore how organizations can secure emerging AI-to-API… - [Join Curity at Nordic APIs' API Security Unconference | News](https://curity.io/news/curity-at-api-security-unconference/): Serving as Day 0 of the Platform Summit, this half-day event offers an interactive space to tackle pressing API security topics before the… - [Curity Identity Server 10.3 Released | News](https://curity.io/news/curity-identity-server-10-3/): Learn what's new in the latest release of the Curity Identity Server, including a new throttler service for more efficient resource… - [Curity's Judith Kahrer speaking at Apidays Helsinki & North 2025 | News](https://curity.io/news/curity-at-api-days-helsinki-2025/): On June 4, our identity specialist Judith Kahrer will speak about API access control strategies beyond JWT bearer tokens. - [Curity Is Now SOC2 Type 2 and ISO/IEC 27001 Compliant | News](https://curity.io/news/curity-soc2-type2-iso-iec-27001-compliance/): Curity has achieved SOC2 Type 2 and ISO/IEC 27001 certification, demonstrating strong security practices and a commitment to protecting… - [Curity at Identiverse 2025 – Learn How to Secure Your APIs with Identity | News](https://curity.io/news/curity-identiverse-2025/): Join Curity at Identiverse 2025 in Las Vegas, June 3–6. Visit us at booth #306 and don’t miss our Jonas Iggbom’s talk on API security and… - [Curity Identity Server 10.2 Released | News](https://curity.io/news/curity-identity-server-10-2/): Learn what's new in the latest release of the Curity Identity Server - [Curity at Nordic APIs Platform Summit 2025 in Stockholm | News](https://curity.io/news/nordic-apis-platform-summit-2025/): Curity is a proud organizer and participant of the Nordic APIs Platform Summit on October 13-15 in Stockholm, Sweden. - [Book Launch Event: Cloud Native Data Security with OAuth | News](https://curity.io/news/curity-office-book-launch/): Join us in Stockholm for an informal gathering to celebrate the launch of Cloud Native Data Security with OAuth. Meet the authors and… - [Curity Identity Server 10.1 Released: multiple themes in UI designer, iOS UI SDK extensibility improvements, password policy dictionary check | News](https://curity.io/news/curity-identity-server-10-1/): Learn what's new in the latest release of the Curity Identity Server, including updates to the UX configuration and credential policy… - [The Full O’Reilly Book Cloud Native Data Security with OAuth is Now Available | News](https://curity.io/news/cloud-native-data-security-with-oauth-ebook/): The full O’Reilly book Cloud Native Data Security with OAuth is now available! Learn how to secure APIs in cloud-native environments with… - [Customer Identity Management: Key Challenges and Solutions | Webinar | News](https://curity.io/news/webinar-rethinking-ciam/): Join Curity on April 3 for a webinar on customer identity management. Learn how to strengthen security, avoid common IAM pitfalls, and… - [Curity Identity Server 10.0 Released: OpenTelemetry, MongoDB data source, apps in the SDK, Authorized Grants GraphQL API and more | News](https://curity.io/news/curity-identity-server-10-0/): Learn what's new in the latest major release of the Curity Identity Server, including OpenTelemetry support for tracking flows, a fully… - [Join Curity and Axiomatics in London to Explore Identity-Driven Security | News](https://curity.io/news/curity-axiomatics-london-event/): Join Curity and Axiomatics in London to explore identity-driven security and access management. Learn how to balance strong protection with… - [Jacob Ideskog to Speak on Real-World API Security Patterns at OAuth Security Workshop 2025 | News](https://curity.io/news/curity-jacob-idekog-osw-2025/): Curity is excited to be part of OSW, an event focused on advancing the development of OAuth and related security technologies. - [Curity and IdentIT Partner to Bring Industry-Leading Digital Identity Services to More Customers | News](https://curity.io/news/curity-and-identit-announce-partnership/): IdentIT is expanding its product portfolio to include Curity’s Customer Identity and Access Management (CIAM) solutions. - [Meet Curity at Gartner Identity & Access Management Summit 2025 in London | News](https://curity.io/news/curity-gartner-iam-summit-2025-london/): Curity is an exhibitor at the upcoming Gartner 2025 Identity and Access Management Summit in London. Hope to see you there in March! - [Curity Joining Nordic APIs LiveCast on Securing Open Finance | News](https://curity.io/news/livecast-securing-open-finance/): Learn how to tackle security challenges in open banking with practical strategies for protecting data and ensuring compliance in a live… - [Curity 9.7 Released: New UI for Authentication Actions | News](https://curity.io/news/curity-identity-server-9-7/): Learn what's new in the latest release of the Curity Identity Server, including brand new UI for editing authentication actions workflow… - [Curity’s Michal Trojanowski at APIdays 2024 on API Security | News](https://curity.io/news/curity-at-apidays-paris-2024/): Catch our Michal Trojanowski's talk at apidays Paris on December 5. - [Security Strategies for Digital Banks: IAM & API Security Webinar | Curity | News](https://curity.io/news/webinar-on-security-strategies-fintech-banks/): Join Curity on January 23 for a webinar exploring IAM and API security strategies for digital banks, fintechs - and beyond. Learn how to… - [Curity & IdentIT Brussels Seminar on API Security & Digital Trust | News](https://curity.io/news/curity-breakfast-brussels-december-2024/): Curity, IdentIT and CornerBriX host a thoughtleader security breakfast in Brussels for organizations that want to achieve high-level… - [Curity 9.6 Released: Auto Migration, DynamoDB Policies & More | News](https://curity.io/news/curity-identity-server-9-6/): Learn what's new in the latest release of the Curity Identity Server, including automatic credential migration and re-hashing during… - [Meet Curity at Gartner 2024 IAM Summit in Texas | | News](https://curity.io/news/gartner-us-iam-summit-2024/): Curity will be at the upcoming Gartner 2024 Identity and Access Management Summit in Grapevine, Texas. Hope to see you there. - [ICA Continues to Trust Curity Identity Server for IAM Security | News](https://curity.io/news/ica-gruppen-extends-use-of-curity-identity-server/): Curity is pleased to announce that ICA will continue to leverage the Curity Identity Server to centralize IAM and API security throughout… - [Curity 9.5 Released: NGINX Token Handler, BankID Assessment | News](https://curity.io/news/curity-identity-server-9-5/): Learn what's new in the latest release of the Curity Identity Server, including the Token Handler support for NGINX and the BankID… - [Curity 9.4 Released: Selective Disclosure, SAML Encryption | News](https://curity.io/news/curity-identity-server-9-4/): Learn what's new in the new release of the Curity Identity Server: selective disclosure credential support, artifact binding and encryption… - [Join Curity’s Breakfast Seminar in Copenhagen for API Security Insights | News | News](https://curity.io/news/curity-breakfast-copenhagen-september-2024/): Curity is organizing a security breakfast in Copenhagen for organizations that want to achieve high-level security, protect valuable data… - [Cloud Native Data Security with OAuth: Three More Chapters Released | News](https://curity.io/news/cloud-native-data-security-with-oauth-six-chapters/): Get access to the three new chapters of the upcoming book by Curity identity experts on cloud native data security. There are now a total of… - [Curity Named Top 5 CIAM Vendor by Liminal | News](https://curity.io/news/curity-leading-ciam-vendor-by-liminal/): Curity scores high on the Link Index™ in key areas that organizations consider when making customer authentication solution purchasing… - [The New Curity Token Handler Enhances Single Page App Security | News](https://curity.io/news/curity-token-handler-spa-security/): We're thrilled to announce a new ready-to-deploy authentication solution enabling robust website-level access security for single-page… - [Region Jönköping County Relies on Curity for Centralized IAM | News](https://curity.io/news/region-jonkoping-extends-curity-license/): Region Jönköping County has extended its Curity Identity Server license to provide users with secure access to digital services. - [Curity 9.3 Released: Token Handler, Multi-Tenancy, Passkeys | News](https://curity.io/news/curity-identity-server-9-3/): Learn what's new in the new release of the Curity Identity Server: the first production version of token handler implementation, finalized… - [Curity Welcomes Gustaf Sahlman as New CEO | News](https://curity.io/news/gustaf-sahlman-new-ceo/): Curity is pleased to announce the appointment of Gustaf Sahlman as CEO. - [Curity Founder Travis Spencer Joins Forbes Technology Council | News](https://curity.io/news/curity-travis-spencer-forbes-technology-council/): Travis Spencer joins an invitation-only community for world-class CIOs, CTOs, and technology executives. - [Curity's Travis Spencer at APIMatic Meetup on AI in API Strategy | News](https://curity.io/news/curity-apimatic-meetup-api-strategy-ai/): Curity's Travis Spencer is joining a panel discussion - Level Up Your API Strategy with AI - on June 10. - [Curity's CTO Launches New API Authentication Course at APISec University | News](https://curity.io/news/jacob-ideskog-course-api-authentication/): The new API Authentication course is available for enrollment on the APISec University website. - [Curity at Nordic APIs Platform Summit 2024 in Stockholm | News](https://curity.io/news/curity-platform-summit-2024/): Curity is a proud organizer and sponsor of the Nordic APIs' Platform Summit 2024. Join us in Stockholm on October 7-9. - [Curity Identity Server Certified to Run on Oracle Cloud | News](https://curity.io/news/curity-certified-oracle-cloud/): The Curity Identity Server is now certified as compatible to run on Oracle Cloud. - [Join Curity’s OAuth & OIDC Workshops at 2024 Platform Summit | News](https://curity.io/news/oauth-workshops-platform-summit-2024/): Learn about OAuth and OpenID Connect from Curity experts. Level up security at Nordic APIs Platform Summit. - [Curity Identity Server 9.2 is out! | News](https://curity.io/news/curity-identity-server-9-2/): Learn what's new in the new release of the Curity Identity Server: extended, standardized token exchange support, updated multi-tenancy… - [Meet Curity at Identiverse 2024 | News](https://curity.io/news/curity-identiverse-2024/): Curity are pleased to join the Identiverse conference on May 28-31 in Las Vegas. Curity's Travis Spencer and Jonas Iggbom will do several… - [Early Release Chapters of Upcoming Book by Curity Now Available | News](https://curity.io/news/cloud-native-data-security-with-oauth-prerelease/): Get access to the three chapters of the upcoming book by Curity identity experts on cloud native data security. - [Join Curity’s Breakfast Seminar in Stockholm for API Security Tips | News](https://curity.io/news/curity-breakfast-stockholm-june-2024/): Curity is organizing a breakfast seminar in Stockholm for organizations that want to achieve high-level security, protect valuable data… - [Curity is a proud sponsor and presenter at apidays New York | News](https://curity.io/news/curity-at-apidays-new-york/): Meet the Curity Team in New York on April 30th and May 1st. - [Curity Team at Industry Events Spring 2024 | News](https://curity.io/news/curity-cillers-iiw-apidays-identiverse/): Meet Curity at events in Berlin, Stockholm and various places in the United States! - [Michał Trojanowski Talks Securing APIs at Poznań Java Meetup | News | News](https://curity.io/news/curity-poznan-meetup/): Curity's Michał Trojanowski to share his best tips on securing microservice-based APIs with OAuth tokens. - [Learn API Security with Tokens for Easy Protection | News | News](https://curity.io/news/curity-apiable-webinar-api-security-with-tokens/): Join experts from Curity and Apiable on April 9 to learn how to go beyond API keys and securely protect APIs with tokens. - [Curity Identity Server 9.1 is out! | News](https://curity.io/news/curity-identity-server-9-1/): Learn what's new in the new release of the Curity Identity Server: database clients in the admin UI, account multi-tenancy support, sign-up… - [OAuth Tools New Version | News](https://curity.io/news/oauth-tools-new-version/): The new version of OAuth Tools: dark mode, interactive JWT creation, customizable JWT types, Rich Authorization Requests, and a new… - [Merete Søby Joins the Curity Board of Directors as the New Chairperson | News](https://curity.io/news/merete-soby-new-curity-board-chairperson/): Curity is delighted to announce that Merete Søby has joined the Curity board of directors as the new chairperson. - [Curity Updates Enhance API Security and Identity Management | News](https://curity.io/news/product-updates-advance-api-security/): Curity continues to drive innovation in protecting identity information, websites, applications and APIs against unauthorized access and… - [Meet Curity at the LEAP in Riyadh on March 6-7 | News](https://curity.io/news/curity-leap-saudi-arabia/): Curity is attending LEAP Tech Event in Riyadh, Saudi Arabia, on March 6-7. - [Advanced API Auth with Phantom Tokens | News](https://curity.io/news/curity-zuplo-phantom-tokens-advanced-api-key-auth/): Curity's Jonas Iggbom and Zuplo API management team teamed up to discuss how to achieve advanced API authentication and authorization with… - [Björn Lundén Leverage Curity to Help Entrepreneurs | News](https://curity.io/news/new-customer-bjorn-lunden/): Björn Lundén selected the Curity Identity Server to advance the security and convenience of customer log-in experiences. - [Curity Identity Server 9.0 is out! | News](https://curity.io/news/curity-identity-server-9-0/): Learn what's new in the new major release of the Curity Identity Server: OpenID Wallet authenticator, password policies, Java 21, and DPoP… - [Meet Curity at Gartner Security Summit, Dubai, 12-13 February | News](https://curity.io/news/curity-gartner-security-risk-management-summit-uae/): Curity's Travis Spencer and Stefan Nilsson attend Gartner Security & Risk Management Summit in UAE. - [Curity Identity Server Wins 2024 DEVIES Award | News](https://curity.io/news/curity-wins-2024-devies-award/): DeveloperWeek selected the Curity Identity Server Financial-grade Package as a 2024 DEVIES Award winner. - [Curity is Joining Nordic APIs’ 2024 Austin API Summit | News](https://curity.io/news/curity-nordic-apis-austin-api-summit%20/): Curity is a proud organizer and participant of Nordic APIs' Austin API Summit 2024. Join us in Austin, TX on March 11-13. - [Curity Certifies Identity Server Conforms to Saudi Arabia Open Banking Profile | News](https://curity.io/news/curity-certified-fapi-op-ksa-open-banking/): Curity Identity Server version 8.7.0 is now certified for the FAPI OP - KSA OB. - [Curity’s Daniel Lindau at Engrate Meetup on Secure Data Platforms | News](https://curity.io/news/curity-engrate-meetup-stockholm/): Curity's Daniel Lindau to give a talk on securing single page applications at Engrate's meetup in Stockholm. - [Meet Curity at Gartner 2024 EMEA IAM Summit in London | News](https://curity.io/news/curity-gartner-emea-iam-summit-2024/): Curity is an exhibitor at the upcoming Gartner 2024 EMEA Identity and Access Management Summit in London. Hope to see you there in March. - [Curity Achieves SOC 2 Type 1 Compliance | News](https://curity.io/news/curity-achieves-soc2-compliance/): An independent audit and SOC 2 report confirmed Curity’s compliance with the stringent SOC 2 data security standards. - [Cabonline Teams Up with Curity for Better Login Security | News | News](https://curity.io/news/cabonline-selects-curity-fo-login-security/): Cabonline joins a growing list of transportation companies using the Curity Identity Server. - [Curity Identity Server 8.7 is out! | News](https://curity.io/news/curity-identity-server-8-7/): Learn what's new in the latest version of the Curity Identity Server: password policies, DynamoDB support for database clients, HAAPI… - [Join Curity’s OAuth & OIDC Workshops in Austin, March 2024 | News](https://curity.io/news/curity-workshops-oauth-and-openid-in-austin/): Join Curity experts in Austin, TX, to learn about OAuth and OpenID Connect and how to use these protocols for robust security. - [KuppingerCole Names Curity a Leader in API Security | News](https://curity.io/news/kuppinger-cole-curity-api-security-management/): KuppingerCole published their Leadership Compass for API Security and Management for October 2023. In this report, Curity is identified as… - [Curity's Michal Trojanowski & Travis Spencer on API Security at APIdays Paris | News | News](https://curity.io/news/curity-at-apidays-paris/): Meet us in Paris! On December 7, Curity's Michal Trojanowski and Travis Spencer join apidays Paris, talking about API security. - [The Curity Identity Server 8.6 is out! | News](https://curity.io/news/curity-identity-server-8-6/): Learn what's new in the latest version of the Curity Identity Server: Passkeys authenticator, BankID v.6 for consentors and new intent… - [GraphQL Access Authorization Patent Published | News](https://curity.io/news/graphql-access-authorization-patent-published/): Curity’s application for GraphQL Access Authorization is published. - [Join Curity & Data Ductus Seminar on IAM & Zero Trust in Uppsala | News](https://curity.io/news/curity-data-ductus-seminar-uppsala/): Join Curity and Data Ductus in Uppsala, Sweden, on October 12. - [Curity joins the Nordic APIs Platform Summit 2023 in Stockholm, Sweden. Don't miss our talks! | News](https://curity.io/news/nordic-apis-platform-summit-2023/): Curity is a proud organizer and participant of the Nordic APIs Platform Summit on October 16-18 in Stockholm, Sweden. - [The Curity Identity Server 8.5 is out! | News](https://curity.io/news/curity-identity-server-8-5/): Learn what's new in the latest version of the Curity Identity Server: Action Bundles, BankID v.6, OAuth metadata, and more. - [Curity Sponsors and Speaks at API World 2023 in Santa Clara | Curity | News](https://curity.io/news/api-world-2023/): Curity is going to Santa Clara, CA, to participate in the largest API event. Don't miss our talk on decentralized identity on October 26. - [Financial-Grade API Security at Vancouver & Denver Meetups | News](https://curity.io/news/curity-financial-grade-api-vancouver-denver/): Curity's Jonas Iggbom to give talks on financial-grade API security in Vancouver and Denver. - [The Curity Identity Server 8.4 is out! | News](https://curity.io/news/curity-identity-server-8-4/): Learn what's new in the latest version of the Curity Identity Server: database clients, new iOS UI SDK for HAAPI, and updates to the… - [Ooredoo Kuwait Selects Curity to Secure Their Apps | News](https://curity.io/news/ooredoo-kuwait-selects-curity/): Ooredoo Kuwait joins a growing list of telecom providers using the Curity Identity Server. - [Meet Curity at the API Days London 2023 in September | News](https://curity.io/news/curity-api-days-london-2023/): Curity is a proud sponsor and participant of API Days London. Meet us in London on September 13-14. - [Curity Partners with CASQUE to Offer High-Grade Identity Assurance | News](https://curity.io/news/curity-casque-partnership/): Curity partners with Distributed Management Systems Ltd (DMS), the provider of CASQUE. - [Meet Curity at IDM UK and IDM Nordics 2023 in London and Stockholm | News](https://curity.io/news/idm-nordics-idm-uk-2023/): Curity is a proud sponsor and participant of IDM UK and IDM Nordics 2023. Meet us in London and Stockholm in November! - [The Curity Identity Server 8.3 is out! | News](https://curity.io/news/curity-identity-server-8-3/): Read about the most important highlights of the Curity Identity Server 8.3 release. - [Join Curity’s OAuth & OIDC Workshops at Platform Summit 2023 | News](https://curity.io/news/curity-workshops-platform-summit-2023/): Curity's identity experts invite you to join their workshops at Nordic APIs Platform Summit. - [Travis Spencer on API Security, AI & Decentralized Identity | News](https://curity.io/news/curity-travis-spencer-safety-detectives-interview/): Curity's CEO in an interview with SafetyDetectives about improving digital services’ security posture, the latest API security trends, and… - [New report from Curity: Plotting the Roadmap for Digital Identity | News](https://curity.io/news/new-report-roadmap-for-digital-identity/): New research from Curity shows that 60% of organisations in the UK and US expect digital identity to have a transformative impact on their… - [Meet Curity at Digital Identity unConference 2023 in Zurich | News](https://curity.io/news/curity-sponsoring-dice-2023/): Curity is a proud sponsor and participant of DICE 2023. Meet us in Zurich on June 7-9! - [Curity Secures Funding to Scale API-Driven Identity Management | News](https://curity.io/news/curity-secures-investment-to-scale-growth/): Curity to facilitate product innovation and business growth with the investment and partnership with GRO. - [The Curity Identity Server 8.2 is out! | News](https://curity.io/news/curity-identity-server-8-2/): Learn what's new in the latest version of the Curity Identity Server: new composite Claims types, VCI support and more. - [Hear Curity's Jonas Iggbom speak at Identiverse 2023 | News](https://curity.io/news/curity-identiverse-2023/): On June 1 2023, Curity's Jonas Iggbom will join Identiverse and give a talk on securing microservice-based APIs. - [Curity Sees Rapid Growth with New Customers Joining | News](https://curity.io/news/curity-strong-close-2022-and-new-customers-2023/): Curity’s growth continues to accelerate as organizations from diverse industries and across geographies join the expanding customer list. - [New Release: Curity Identity Server 8.1 | News](https://curity.io/news/curity-identity-server-8-1/): We are pleased to announce the release of the Curity Identity Server 8.1. - [Josefin Rosén, Recognized as a Top Influencer in Sweden's Tech Industry | News](https://curity.io/news/curity-board-member-josefin-rosen-tech-leader/): Josefin Rosén is one of the Tech50 most influential leaders in Sweden's tech industry. - [Meet Curity at the Gartner 2023 Identity & Access Management Summit in Texas | News](https://curity.io/news/gartner-us-iam-summit-2023/): Curity will be at the upcoming Gartner 2023 Identity and Access Management Summit in Grapevine, Texas. Hope to see you there. - [New Release: Curity Identity Server 8.0 | News](https://curity.io/news/curity-identity-server-8-0/): Read about the new features and new concepts of the Curity Identity Server 8.0 release. - [Curity Named a Sample Vendor by Gartner® for API Access Control | News | News](https://curity.io/news/curity-recognized-as-gartner-hype-cycle-apis/): Curity has been named a Gartner Sample Vendor in the August 2022 Hype Cycle for APIs Report - [New Curity website: curity.mx | News](https://curity.io/news/curity-spanish-language-website/): Our Spanish-speaking partners can now learn about the Curity Identity Server with more ease. - [Meet Curity at Gartner 2023 EMEA IAM Summit | News](https://curity.io/news/curity-gartner-emea-iam-summit-2023/): Curity is an exhibitor at the upcoming Gartner 2023 EMEA Identity and Access Management Summit in London. Hope to see you there. - [Curity on BrightTalk | News](https://curity.io/news/curity-brighttalk/): We are excited to announce that our webinars will now be available live and on demand on BrightTalk. Learn more about our channel. - [Curity Awarded Best Presenter in Tech at the Florida Venture Summit | News](https://curity.io/news/curity-best-tech-presenter-florida-venture-summit/): Curity pleased to be named best presenter in the tech category at the Florida Venture Summit on December 6-7 2022. - [New Release: Curity Identity Server 7.6 | News](https://curity.io/news/curity-identity-server-7-6/): Learn what's new in the latest version of the Curity Identity Server, including a new SAML authenticator and several updates to the Admin UI… - [Meet API Community Peers at Nordic APIs 2023 Platform Summit | News](https://curity.io/news/curity-2023-platform-summit/): Nordic APIs Platform Summit is back in 2023. Join Curity and the Nordic APIs community in Stockholm next year. - [Curity's Travis Spencer on the Enterprise Security Weekly Podcast | News](https://curity.io/news/curity-enterprise-security-weekly-podcast/): Curity's Travis Spencer joined the ESW podcast to share his thoughts on modern access security. - [New Release: Curity Identity Server 7.5 | News](https://curity.io/news/curity-identity-server-7-5/): Learn what's new in the latest version of the Curity Identity Server, including several updates to the authentication action subsystem and… - [Curity selected by HealthHero to protect their core digital services | News](https://curity.io/news/curity-health-hero/): HealthHero joining a growing list of healthcare providers using the Curity Identity Server - [Curity joining Nordic APIs in LiveCast on Zero Trust | News](https://curity.io/news/zero-trust-livecast/): Discover what it takes to implement zero trust in Nordic APIs' LiveCast on November 16. Curity's Jonas Iggbom will present. - [Curity Recognized by Gartner® as a Sample Vendor | News](https://curity.io/news/curity-gartner-hype-cycle-digital-identity/): Curity has been named a Gartner Sample Vendor in the July 2022 Hype Cycle for Digital Identity report. - [New Release: Curity Identity Server 7.4 | News](https://curity.io/news/curity-identity-server-7-4/): Learn what's new in the latest version of the Curity Identity Server, including new Authentication Actions, new metrics for monitoring and… - [Meet Curity at API World 2022 | News](https://curity.io/news/curity-api-world-2022/): Curity is going to San Jose to participate in the largest API event. Don't miss our talks on October 26. Get your Free Open Pass with our… - [Webinar: Orchestrating Secure User Login with Authentication Actions | News](https://curity.io/news/orchestrating-login-authentication-actions-webinar/): Join us on November 8 to learn how to create highly customizable login flows with Authentication Actions. - [Meet Curity at Events This Fall | News](https://curity.io/news/curity-bits-pretzels-festival-identity-workshop/): Meet Curity at Bits & Pretzels Founders Festival in Munich on September 27-29 and at the Internet Identity Workshop in Mountain View… - [New Release: Curity Identity Server 7.3 | News](https://curity.io/news/curity-identity-server-7-3/): Learn what's new in the latest version of the Curity Identity Server, including Authorization Manager, Dynamic Authenticator and… - [We’re going to be at sTARTUp Day 2022 | News](https://curity.io/news/startup-day-2022/): Meet Curity at sTARTUp Day in Tartu, Estonia on August 24–26. - [New Release: Curity Identity Server 7.2 | News](https://curity.io/news/curity-identity-server-7-2/): Learn what's new in the latest version of the Curity Identity Server, including support for the EdDSA signing algorithm, GraphQL updates and… - [Webinar: An Engineer’s Guide to Signature Algorithms and EdDSA | News](https://curity.io/news/engineers-guide-signature-algorithms-and-eddsa/): Join us on August 24 to learn about signature algorithms and why EdDSA is an optimal choice for securing tokens. - [Facilitating the Future of Open Finance: New report from Curity | News](https://curity.io/news/new-report-facilitating-the-future-of-open-finance/): New research from Curity shows nearly half of all large institutions in the sector have already adopted Open Banking, with nearly three… - [New Course: API Security and Authorization | News](https://curity.io/news/api-security-authorization-online-course/): Learn about API security and authorization requirements and best practices in our new online course. - [Curity joining Nordic APIs LiveCast on Standardizing Open Banking | News](https://curity.io/news/standardizing-open-banking-livecast/): On June 15, join the Nordic APIs' LiveCast to learn about global open banking standards and financial-grade API security. - [New Release: Curity Identity Server 7.1 | News](https://curity.io/news/curity-identity-server-7-1/): Learn what's new in the latest version of the Curity Identity Server, including an even easier way to configure the look and feel, and a… - [Meet us at Identiverse | News](https://curity.io/news/curity-identiverse-conference/): Curity are pleased to join the Identiverse conference on June 21-24, 2022 in Denver. Curity's Jonas Iggbom will do a session on financial… - [Curity Signs Three New Customers in as Many Weeks | News](https://curity.io/news/3-new-customers-in-3-weeks/): Curity has landed three new customers in the last three weeks. These new customers are ACST, Apiable and Direct Wines. - [Curity at the Gartner Identity & Access Management Summit 2022 | News](https://curity.io/news/curity-gartner-iam-summit/): Curity is an exhibitor at the upcoming Gartner Identity and Access Management Summit 2022 in London. - [Travis Spencer on Stoplight's API Intersection Podcast | News](https://curity.io/news/spotlight-api-intersection-podcast/): Travis Spencer on Stoplight's API Intersection podcast to share his thoughts on what we can expect in the API security space in the coming… - [New Major Release: Curity Identity Server 7.0 | News](https://curity.io/news/curity-identity-server-7-0/): Learn what's new in the latest version of the Curity Identity Server, including a new GraphQL user management API, federated login for the… - [Curity Joining the APIsecure Conference | News](https://curity.io/news/curity-apisecure-event-2022/): Curity are taking part in the APIsecure conference dedicated to API threat management on April 6-7, 2022. - [Curity's Michal Trojanowski speaking at API Days Helsinki & North | News](https://curity.io/news/curity-at-api-days-helsinki/): On March 16, identity specialist Michal Trojanowski will join API Days Helsinki & North, talking about financial-grade security for APIs. - [Curity Taking Part in ESRM 2022 | News](https://curity.io/news/curity-esrm-2022/): Curity are pleased to join the Enterprise Security & Risk Management conference on March 24, 2022 in London. Curity's Gary Archer will do a… - [US and EU Patents Covering Hypermedia API Published | News](https://curity.io/news/hypermedia-patents-published/): Curity’s applications for US and EU patents related to Hypermedia Authentication API (HAAPI) are now public. - [New Release: Curity Identity Server 6.8 | News](https://curity.io/news/curity-identity-server-6-8/): Learn what's new in the latest version of the Curity Identity Server, including updates to the Admin UI and DevOps Dashboard, HAAPI SDKs and… - [Learn about Phishing Resistant Passwordless Authentication | News](https://curity.io/news/curity-yubico-webinar/): In this webinar, on March 9th, experts from Curity and Yubico will discuss phishing resistant passwordless authentication. We hope you can… - [Curity Partners with Beyond Identity | News](https://curity.io/news/curity-beyond-identity/): Curity partners up with Beyond Identity to achieve the best-of-breed zero trust solution with identity in focus. - [New Release: Curity Identity Server 6.7 | News](https://curity.io/news/curity-identity-server-6-7/): Learn what's new in the latest version of the Curity Identity Server, including the redirect URI policies, new Claims user interface, and… - [New and Updated Resources on the Token Handler Pattern | News](https://curity.io/news/new-resources-token-handler-for-spas/): Learn more about the Token Handler design pattern and implement it in your projects with these resources. It's especially useful for… - [Never Miss a New Curity Resource with the Timeline Feed | News](https://curity.io/news/curity-new-resources-feed/): Keep track of our most recent published articles, tutorials, videos and code examples with our new resource timeline. - [Curity Continues its Support of the Swedish Cancer Society's Work | News](https://curity.io/news/curity-supports-cancerfonden/): The Curity team are pleased to continue the annual tradition of making a financial donation to the Swedish Cancer Society. - [Webinar: The Flavors of Multi-Factor Authentication | News](https://curity.io/news/webinar-flavours-multi-factor-authentication/): Join us on December 14 to learn about different approaches to multi-factor authentication, best practices for user experience and… - [Curity Extends its Commitment to Open Source | News](https://curity.io/news/curity-extends-commitment-to-open-source/): We are pleased to continually expand our commitment to open source; we hope that these additional contributions coupled with our time and… - [New Release: Curity Identity Server 6.6 | News](https://curity.io/news/curity-identity-server-6-6/): Learn what's new in the latest version of the Curity Identity Server, including the new opt-in MFA action, optimized and reduced database… - [Managing Identities in Complex IT Environments Webinar | News](https://curity.io/news/curity-data-ductus-ica-webinar/): The webinar Managing Identities and App Security Consistently in a Complex IT Environment will take place on November 18. Join Curity, ICA… - [Curity taking part in API World 2021 | News](https://curity.io/news/curity-api-world-2021/): Curity are pleased to join the API World 2021 conference. Curity's Travis Spencer and Jonas Iggbom will do two talks on using hypermedia API… - [Integrate the Curity Identity Server with Tyk | News](https://curity.io/news/curity-tyk-guide-news/): Tyk published a tutorial for integrating the Curity Identity Server into the Tyk Developer Portal using OpenID Connect Dynamic Client… - [Article: Token-Based Access Control With Kong, OPA and Curity | News](https://curity.io/news/token-based-control-curity-kong-blog/): Curity's Jonas Iggbom published an article on the Kong Inc. blog. He explains how to implement the Phantom Token approach using the Curity… - [New Release: Curity Identity Server 6.5 | News](https://curity.io/news/curity-identity-server-6-5/): Learn what's new in the latest version of the Curity Identity Server, including the support for DCR pre- and post-processing procedures and… - [Webinar: Hardening Single Page Application Security | News](https://curity.io/news/webinar-hardening-spa-security/): Join us on November 9 to learn more about the Token Handler, an advancement of the common Backend for Frontend (BFF) design pattern, and its… - [Curity rated a leader by KuppingerCole | News](https://curity.io/news/kuppinger-cole-curity-leader/): In August 2021, KuppingerCole published their Leadership Compass for API Security and Management. In this report, Curity is identified as an… - [Curity sharing OAuth expertise on the Nordic APIs blog | News](https://curity.io/news/curity-oauth-nordic-apis/): Curity's Gary Archer shares his OAuth expertise on the Nordic APIs blog. He outlines the most common OAuth vulnerabilities in APIs, web and… - [Curity joining Nordic APIs LiveCast on Evolving Hypermedia | News](https://curity.io/news/evolving-hypermedia-livecast/): On September 29, tune in to Nordic APIs LiveCast to learn how to evolve hypermedia for new API use cases, including driving a sophisticated… - [Curity joining the EIC 2021 conference | News](https://curity.io/news/travis-spencer-speaking-eic-2021/): Curity are pleased to take part in the European Identity and Cloud Conference 2021. Curity's CEO Travis Spencer will present a talk on using… - [New Release: Curity Identity Server 6.4 | News](https://curity.io/news/curity-identity-server-6-4/): Learn what's new in the latest version of the Curity Identity Server, including support for rolling SSO and refresh tokens, Java 11 upgrade… - [Webinar: Financial-Grade APIs Now and in the Future | News](https://curity.io/news/webinar-fapi-now-and-in-future/): Join us on August 24 to dig into the OpenID protocol for creating safe APIs: The Financial-grade API (FAPI) profile. - [New Release: Curity Identity Server 6.3 | News](https://curity.io/news/curity-identity-server-6-3/): Learn what's new in the latest version of the Curity Identity Server, including the support for PAR, JAR, JARM, and encrypted request… - [We've got a blog! | News](https://curity.io/news/curity-api-security-blog-launch/): We are excited to announce the launch of the Curity blog, where we'll be sharing thoughts on API security and identity and access management… - [Curity Recently Selected Multiple Times in Germany | News](https://curity.io/news/curity-selected-in-germany/): Several German companies have chosen the Curity Identity Server to run and improve their digital offerings, protect high-value data and… - [Certified OpenID Connect CIBA Compliance | News](https://curity.io/news/certified-ciba-compliance/): The Curity Identity Server version 6.2 now conforms to the CIBA profile of the OpenID Connect protocol. - [Inter Deploys the Curity Identity Server | News](https://curity.io/news/inter-deploys-curity-brazilian-open-banking/): Brazilian Platform, Inter, has chosen Curity as a key provider of application security solutions to address and meet the requirements of… - [New Release: Curity Identity Server 6.2 | News](https://curity.io/news/curity-identity-server-6-2/): Learn what's new in the latest version of the Curity Identity Server, including the support for Client Initiated Backchannel Authentication… - [New Resources: Guides | News](https://curity.io/news/resources-guides-for-developing-apis-apps/): We are announcing the release of Guides, a new type of resource which provides helpful guidance in building your own OAuth and OpenID… - [New Course: Building an Identity Architecture | News](https://curity.io/news/building-identity-architecture-online-course/): Learn how to build a centralized and modular identity architecture based on open standards. We have launched a new online course. - [New Release: Curity Identity Server 6.1 | News](https://curity.io/news/curity-identity-server-6-1/): Learn what's new in the latest version of the Curity Identity Server, including the support for credential transformation procedures, new… - [Webinar: App2App Login with Authentication Workflows | News](https://curity.io/news/app2app-authentication-workflows-webinar/): Join us on May 18 to learn how you can level up App2App login with authentication workflows. - [Authentication as a Hypermedia API | News](https://curity.io/news/authentication-hypermedia-api-news/): Curity's Jacob Ideskog has written an article on the issue of authenticating users with an API, giving an overview of the problem and… - [Moving from Docker Hub to Azure Container Registry | News](https://curity.io/news/curity-moving-to-azure-container-registry/): Curity is moving all publications of the Curity Identity Server from Docker Hub to Azure Container Registry (ACR). The containers previously… - [Review of Curity Identity Server Community Edition | News](https://curity.io/news/curity-identity-server-community-edition-review/): Nordic APIs review the Curity Identity Server Community Edition to see how it can be used to control API access and protect applications. - [Webinar: Using OAuth, OIDC, and OPA for fine-grained authorization | News](https://curity.io/news/oauth-oidc-opa-finegrained-authorization-webinar/): Join us on April 14 to learn how you can implement a more powerful, scalable, and flexible approach to authorization for your microservices… - [New Resources: Financial-grade Security Guides | News](https://curity.io/news/financial-grade-open-banking-security-guides/): The Curity resource library is constantly growing. This time we have added a new section focusing on financial-grade security solutions. - [Curity joining Nordic APIs LiveCast on Securing Open Banking | News](https://curity.io/news/open-banking-livecast/): On March 24, join Nordic APIs LiveCast to explore the world of open banking and discuss the threats inherent in open banking APIs, common… - [New Release: Curity Identity Server 6.0 | News](https://curity.io/news/curity-identity-server-6-0/): Learn what's new in the latest version of the Curity Identity Server, including the feature-complete Hypermedia Authentication API. - [Webinar: Guarding privacy and security using API Gateways | News](https://curity.io/news/privacy-security-api-gateways-webinar/): Join us on March 17 to learn how you can enhance privacy and security by implementing the Phantom Token Flow using NGINX and the Curity… - [Whitepaper on Hypermedia Authentication API Security | News](https://curity.io/news/hypermedia-authentication-api-security-whitepaper/): Curity's new whitepaper explains the security of the hypermedia authentication API available in the Curity Identity Server. It shows… - [Curity sharing knowledge on the Foojay blog | News](https://curity.io/news/foojay-oidc-client/): In a new blog post, published on Foojay, Curity's Michał Trojanowski explains how to set up an OpenID Connect client with Spring Security… - [Data Privacy and GDPR Best Practices | News](https://curity.io/news/data-privacy-and-gdpr/): Maintaining data privacy and its enforcement via GDPR and other legislation can be a big challenge if you haven't set up the identity… - [New Whitepaper: The Neo-Security Architecture | News](https://curity.io/news/neo-security-architecture-whitepaper/): Curity's new whitepaper presents the basic concepts and principles of the Neo-Security Architecture, and the way it can provide a blueprint… - [Christmas is the season for giving | News](https://curity.io/news/christmas-charity-2020/): This Christmas season, we give special donations to three different charities close to our hearts. All doing incredibly important work in… - [Curity featured in Azul Customer Success Story | News](https://curity.io/news/curity-azul-zulu-customer-case-study/): Curity has entered the long list of leading companies across multiple industries to share their story of delivering value with Azul Zulu. - [Webinar: Native Mobile Login and Application Attestation | News](https://curity.io/news/native-mobile-login-app-attestation-webinar/): Creating secure, seamless user authentication from mobile apps is a challenge for developers. Join this webinar to learn about Curity’s… - [New Release: The Curity Identity Server - Community Edition | News](https://curity.io/news/community-edition-release/): We are pleased to announce the release of the Community Edition of the Curity Identity Server. - [New eBook: API Security | News](https://curity.io/news/api-security-ebook/): The use of APIs continues to increase, and protecting them and their data is critical. This new eBook from Curity and Nordic APIs gathers a… - [New Release: Curity Identity Server 5.4 | News](https://curity.io/news/curity-identity-server-5-4/): Learn what’s new in the latest version of the Curity Identity Server, including Hypermedia Authentication API, now out of beta. - [New Resources: Getting Started with the Curity Identity Server | News](https://curity.io/news/new-getting-started-page-news/): The Curity team is continuously working on improving and expanding resources, helping our customers get the most out of the Curity Identity… - [New Presentation: OAuth and OpenID Connect - What's Next? | News](https://curity.io/news/oauth-and-oidc-what-is-next-news/): In his presentation given at the most recent Nordic APIs Livecast, Curity's Jacob Ideskog talks about the current state of OAuth and OpenID… - [Course: OpenID Connect in Detail | News](https://curity.io/news/openid-connect-in-detail/): Get a comprehensive understanding of OpenID Connect from the comfort of your chair. We have launched a new online course offering as… - [Improving DevOpsSec Processes in Production Webinar | News](https://curity.io/news/improve-devopssec-processes-in-production/): In joint webinars with Azul, the Curity team will show how they use and embed Azul's Java Runtime Environment to deliver a highly scalable… - [New eBook: Nordic APIs Identity and APIs | News](https://curity.io/news/identity-and-apis-ebook/): Curity’s CEO, Travis Spencer, has written a foreword to Nordic APIs eBook Identity and APIs, highlighting the importance of identity and… - [Curity joining Nordic APIs LiveCast Identity and APIs | News](https://curity.io/news/identity-and-apis-livecast/): Join Nordic APIs for an hour-long event to learn why identity-driven standards are the best response to modern API threats and… - [Curity's Travis Spencer speaking at API Days Live London | News](https://curity.io/news/travis-spencer-speaking-at-api-days-live-london/): On Wednesday, October 28th, identity specialist Travis Spencer will join API Days London Live, talking about the hypermedia authentication… - [Server-to-Server Authorization Using Mutual TLS | News](https://curity.io/news/server-to-server-authorization-using-mutual-tls/): In an article published on Nordic APIs, Curity's Jonas Iggbom explains how to further strengthen a token-based approach for API security and… - [Webinar introducing the DevOps Dashboard on October 20th | News](https://curity.io/news/webinar-devops-dashboard/): Join our webinar "Remove bottlenecks and accelerate your team with Curity's DevOps Dashboard" on Tuesday October 20th and explore the brand… - [Webinar: Seamless mobile login and application attestation | News](https://curity.io/news/webinar-seamless-mobile-login/): Join the webinar on October 13th to learn about Curity’s new login API, enabling seamless API-based login from any device or browser. - [Curity Sponsors the Apache Foundation | News](https://curity.io/news/curity-sponsors-apache-foundation/): We are proud to sponsor the Apache Foundation. As open source becomes increasingly essential, the work of the Apache Foundation also becomes… - [New Release: Curity Identity Server 5.3 | News](https://curity.io/news/curity-identity-server-5-3/): Learn what’s new in the latest version of the Curity Identity Server, including a new DevOps Dashboard allowing developers and operators… - [Integrate your Curity server with the PagerDuty Alarm Handler | News](https://curity.io/news/pagerduty-alarm-handler-integration/): The Curity Identity Server 5.2 onward comes with a fully supported integration with PagerDuty, which is easily configured and works out of… - [ROPC is dead — Long Live the Authentication API | News](https://curity.io/news/ropc-is-dead-long-live-the-authentication-api/): Curity's Jacob Ideskog has written an article announcing the death of Resource Owner Password Credentials. It may seem controversial at… - [Curity's OAuth Tools receives award for Best in API Security | News](https://curity.io/news/curity-and-oauth-tools-win-api-award/): We’re excited to announce that OAuth Tools by Curity has won a 2020 API Award for Best in API Security. The 2020 API Awards celebrate… - [Curity Hypermedia Authentication API | News](https://curity.io/news/authentication-api/): We have published a new page dedicated to the Curity Identity Server's new browser-less hypermedia API. It allows an API client to directly… - [New resources: Integrating with AWS API Gateway | News](https://curity.io/news/integrating-curity-with-aws-api-gateway/): We have recently published tutorials and how-tos on how to integrate the Curity Identity Server with the AWS API Gateway. Read or watch… - [The Features of the Curity Identity Server Webinar | News](https://curity.io/news/new-features-webinars/): The 5.2 release of the Curity Identity Server includes some powerful new features. We will showcase the power of two of thse new features… - [New Release: Curity Identity Server 5.2 | News](https://curity.io/news/curity-identity-server-5-2/): Learn about latest release of the Curity Identity Server 5.2. This release includes a number of exciting new features and fixes. - [The Difference Between HTTP Auth, API Keys, and OAuth | News](https://curity.io/news/difference-between-http-auth-api-keys-oauth/): In a recent article published on Nordic APIs, Daniel Lindau compare three different ways to achieve secure authentication and authorization… - [Curity and Signicat in joint webinar June 11th | News](https://curity.io/news/curity-and-signicat-webinar/): On June 11th, Curity and Signicat will explore how you can achieve secure and easy eID authentication to cloud platforms in a live 60-minute… - [New Release: Curity Identity Server 5.1 | News](https://curity.io/news/curity-identity-server-5-1/): We are pleased to announce that version 5.1 of the Curity Identity Server is out. This minor release is more-or-less two releases in one! It… - [New office and new starters | News](https://curity.io/news/curity-new-office/): Earlier this month we moved to new offices in Stockholm with plenty of room for our growing team. We also welcomed new members to the team. - [Curity joining Nordic APIs LiveCast Maturing Platform Security | News](https://curity.io/news/livecast-maturing-platform-security/): On May 6th Curity identity expert Jacob Ideskog will join Nordic APIs LiveCast Maturing Platform Security. Those who join will learn how to… - [Course: Getting Started with OAuth and OpenID Connect | News](https://curity.io/news/getting-started-with-oauth-and-openid-connect/): Learn the basics of the leading security standards from the comfort of your chair. We have launched a new online course offering a… - [Bankdata Achieves a Modernized Identity Infrastructure | News](https://curity.io/news/bankdata-customer-story/): In a recent customer story, Michael Lind Mortensen, Lead Domain Architect at Bankdata talks about how Bankdata has improved and modernized… - [Webinar: Adaptive Authentication in OAuth Using Geo-location Data | News](https://curity.io/news/webinar-adaptive-authentication-oauth-geo-location/): In order to provide a safe login experience, more adaptive login methods are often needed. Join Curity's Travis Spencer in a webinar on… - [Just Released: WebAuthn Authenticator Plugin | News](https://curity.io/news/webauthn-authenticator-plugin/): We’re pleased to announce that Curity have released an open source WebAuthn Authenticator plug-in for the Curity Identity Server. - [New Release: Curity Identity Server 5.0 | News](https://curity.io/news/curity-identity-server-5-0/): We are pleased to announce that version 5.0 of the Curity Identity Server is out. This is the fifth major release in the lifecycle of the… - [Curity continues their growth journey | News](https://curity.io/news/3-new-joiners-in-january-2020/): The Curity team started the year by welcoming three new colleagues. We are pleased to welcome Judith Kahrer, Sathya Duraisamy and Kim… - [Curity's Travis Spencer on ProgrammableWeb's Developers Rock Podcast | News](https://curity.io/news/programmableweb-developers-rock-podcast/): Travis Spencer was recently interviewed by David Berlind of ProgrammableWeb. The conversation was recorded and you can now watch the… - [Curity OAuth Workshops at the Austin API Summit 2020 | News](https://curity.io/news/oauth-workshops-austin-api-summit-2020/): Curity will be hosting OAuth and OpenID Connect workshops at Nordic APIs 2020 Austin API Summit on May 4th. We wil host both an introductory… - [Curity rated a leader in product and innovation by KuppingerCole | News](https://curity.io/news/api-security-and-management-leadership-compass/): KuppingerCole recently published their Leadership Compass for API Security and Management. In this report, Curity is determined to be a… - [Successful customer experiences with the Curity Identity Server | News](https://curity.io/news/new-customer-stories/): We recently published several new customer stories which showcase how the Curity Identity Server can empower businesses to achieve their… - [We support the Swedish Cancer Society | News](https://curity.io/news/swedish-cancer-research-society/): We’re giving a special donation to the Swedish Cancer Society this holiday season. It's a charity very close to our hearts. They do… - [Curity Identity Server 4.5 released | News](https://curity.io/news/curity-identity-server-45-released/): We are delighted to announce that version 4.5 of the Curity Identity Server is out. This includes a number of fixes and some features… - [Webinar: Financial Grade APIs Using OAuth & OpenID Connect | News](https://curity.io/news/webinar-financial-grade-apis-using-oauth-oidc/): Financial-grade security is important not only for the financial sector. Join Curity's Travis Spencer in a webinar on December 11th, when he… - [Curity Identity Server 4.4 released | News](https://curity.io/news/curity-identity-server-44-released/): We are pleased to announce that version 4.4 of the Curity Identity Server is out. This release includes many fixes and features requested by… - [Curity propose enhancements to OAuth 2.0 | News](https://curity.io/news/curity-proposes-enhancements-to-oauth/): Curity have submitted a draft RFC, The OAuth 2.0 Authorization Framework: Claims. In the RFC, we propose an extension of OAuth 2.0 to… - [2019 Platform Summit Conference Wrap Up | News](https://curity.io/news/2019-platform-summit-conference-wrap-up/): Nordic APIs 5th Platform Summit took place in Stockholm 21-23 October 2019. We had speakers from all over the world, representing a wide… - [Curity Identity Server 4.3 released | News](https://curity.io/news/curity-identity-server-43-released/): We are delighted to announce that version 4.3 of the Curity Identity Server is out. Read on for what is new in the lastest release. - [Curity continues to grow | News](https://curity.io/news/curity-continues-to-grow/): As Curity continues to focus on growth, the team is expanding to support and execute on the company’s ambitious plans. We are pleased to… - [Join Curity at API World – Free Open Passes | News](https://curity.io/news/curity-at-api-world-2019/): We’ll be at API World in San Jose on October 8-10 discussing API Security. And now is your chance to join us as we have some Free Open… - [Curity Identity Server now on Docker Hub | News](https://curity.io/news/curity-identity-server-now-on-docker-hub/): We’re pleased to announce that Curity Identity Server is now available on Docker hub. With pre-built Docker images for every new release, it… - [Meet Curity at NGINX Conf 2019 in Seattle | News](https://curity.io/news/curity-at-nginx-conf-2019/): We’re excited to support NGINX Conf 2019. Curity will join the conference in Seattle on September 10 & 11 as a sponsor, and you will also… - [Curity OAuth Workshops at the 2019 Platform Summit | News](https://curity.io/news/oauth-workshops-2019-platform-summit/): On Monday 21st October, Curity will be hosting two OAuth and OpenID Connect workshops at Nordic APIs 2019 Platform Summit in Stockholm. We… - [Curity Identity Server 4.2 released | News](https://curity.io/news/curity-4-2-released/): We are happy to announce that version 4.2 of the Curity Identity Server has been released. It contains several enhancements, fixes and new… - [Curity's Jacob Ideskog speaking at GOTO Copenhagen | News](https://curity.io/news/jacob-ideskog-speaking-goto-copenhagen/): Curity are pleased to once again join the GOTO Copenhagen conference. On Tuesday 19th November, Curity identity specialist Jacob Ideskog… - [Curity Identity Server 4.1 released | News](https://curity.io/news/curity-4-1-is-out/): We are delighted to announce that version 4.1 of the Curity Identity Server is out. The latest version introduces the full-fledged concept… - [Webinar: Scalable Access Control for APIs | News](https://curity.io/news/webinar-scalable-access-control-for-apis/): We're excited to announce the 2nd webinar in our series. The upcoming webinar "Scalable Access Control for APIs" is taking place on… - [Watch LiveCast: Scaling API Security For Large Enterprises | News](https://curity.io/news/scaling-api-security-livecast/): This week Curity’s Daniel Lindau participated in a Nordic APIs LiveCast exploring API security strategies for large enterprises. He talked… - [2019 Austin API Summit Wrap Up | News](https://curity.io/news/2019-austin-api-summit-wrap-up/): Nordic APIs 2nd annual Austin API Summit took place in Austin, Texas 13-15 May. The event doubled in size from last year, and as organizers… - [Curity accelerates growth with investment led by Fairpoint Capital | News](https://curity.io/news/curity-accelerates-growth-with-fairpoint%20capital/): We are pleased to tell you that we are speeding up growth by completing an investment led by Fairpoint Capital, an offshoot of SEB, one of… - [We're proud to support TechWorld Summit | News](https://curity.io/news/techworld-summit-2019/): Curity will join the TechWorld Summit in Stockholm on June 4th. You will be able to meet us in person at our booth as well as hear Curity's… - [Webinar: Introduction to OAuth and OpenID Connect | News](https://curity.io/news/intro-to-oauth-and-oidc/): We're launching a series of free webinars. The first session 'An introduction to OAuth and OpenID Connect' is taking place on Wednesday June… - [New resource section on the Curity website | News](https://curity.io/news/new-resource-section/): We've recently published a new resource section on the Curity.io website. The resource center features articles on a range of topics… - [Curity Joins Nordic APIs LiveCast | News](https://curity.io/news/curity-joining-livecast-scaling-api-security/): Curity will participate in Nordic APIs' LiveCast ‘Scaling API Security For Enterprises’ on Wednesday June 19th. During the hour-long webinar… - [Launching OAuth Tools | News](https://curity.io/news/launching-oauth-tools/): We’re excited to tell you about OAuth.tools - An OAuth laboratory where you can easily connect to any OAuth server and try the full set of… - [We're excited to announce the release of Curity Identity Server 4.0 | News](https://curity.io/news/curity-400-released/): We're pleased to announce the release of Curity Identity Server 4.0. This release is very rich in features and includes more improvements… - [Curity's Stockholm office is growing | News](https://curity.io/news/curity-stockholm-office-is-growing/): The Curity team continues to grow, and we are pleased to announce that Peter Hagren and Dimitrios Zografos have just joined our Stockholm… - [Meet us at IDM Europe in Frankfurt | News](https://curity.io/news/curity-at-idm-europe/): Curity will join the IDM Europe conference Frankfurt on March 14th, which we are proud to be a part of. During the conference you will be… - [Curity 3.4.1. Released | News](https://curity.io/news/curity-341-released/): We are happy to announce that version 3.4.1 of the Curity Identity Server has been released. The latest version contains performance updates… - [Curity Hosting Workshops at the 2019 Austin API Summit | News](https://curity.io/news/2019-austin-api-summit-workshops/): We're pleased to announce that Curity will be hosting two workshops at Nordic APIs 2019 Austin API Summit on May 13th. Curity will host both… - [Christmas is just around the corner | News](https://curity.io/news/cancerfonden/): This year we’re giving a special donation to the Swedish Cancer Society. It is a charity that is very close to our hearts. They do… - [Hear from Curity Identity Experts at the 2019 Austin API Summit | News](https://curity.io/news/curity-at-austin-api-summit-2019/): On May 14-15, 2019, Nordic APIs are hosting the Austin API Summit in Texas. As supporters of Nordic APIs we’re pleased to announce that we… - [Curity 3.3.0. Released! | News](https://curity.io/news/33-release/): We are happy to announce that version 3.3.0 of the Curity Identity Server has been released. It’s a minor release; but contains several… - [Shell Energy has evolved their identity infrastructure with Curity | News](https://curity.io/news/shell-energy-evolve-id-infrastructure-with-curity/): In a recent customer story, Anu Shahi from First Utility talks about how Curity has helped the organization to implement a versatile and… - [Quickly Comply with PSD2 | News](https://curity.io/news/quickly-comply-with-psd2/): Version 3.3 of the Curity Identity Server is due out later this month and includes new features to make it easy to comply with PSD… - [8 Vital OAuth Flows and their Powers | News](https://curity.io/news/8-vital-oauth-flows-and-their-powers/): OAuth is a powerful solution for many providers. As with any tool, however, it’s only as powerful as it is understood by the user who… - [2018 Platform Summit Conference Wrap Up | News](https://curity.io/news/2018-platform-summit-wrapup/): The 2018 edition of the Platform Summit took place in Stockholm 22-24 October. This was the biggest event to date with about 480 total… - [Meet us at GOTO Copenhagen | News](https://curity.io/news/goto-copenhagen/): On November 19-23 Curity will attend GOTO Copenhagen, which we are proud sponsors of. During the conference you will be able to meet us in… - [Curity at API Security for Open Banking Summit in London | News](https://curity.io/news/open-banking/): Come and meet us at the API Security for Open Banking Summit, taking place 21st November in London. Travis Spencer, our CEO, will give a… - [Curity 3.1 and 3.2 released | News](https://curity.io/news/31-and-32-release/): We are happy to announce the release of Curity 3.1.0 and 3.2.0. Though not a major update, this release includes a lot of fixes and features… - [Curity and Java | News](https://curity.io/news/curity-and-java/): A forthcoming version of the Curity Identity Server will include a supported Java Virtual Machine (JVM) from Azul Systems, alleviating… - [Meet Us at API Con Berlin | News](https://curity.io/news/api-con-berlin-2018/): On September 24 – 26 Curity will attend the API Conference in Berlin, which we are proud sponsors of. During the conference you will be able… - [Curity at API:World in San Jose | News](https://curity.io/news/curity-at-api-world-san-jose-2018/): Come and meet us next week at the API:World, the world’s largest API conference next week in San Jose, CA between September 10 and 1… - [Curity OAuth Workshop at the 2018 Platform Summit | News](https://curity.io/news/platform-summit-2018-oauth-workshop/): On October 22nd, Curity will be hosting two workshops at Nordic APIs 2018 Platform Summit. Later on October 23rd – 24th we will have three… - [New Java Meetup Scheduled: Write once, run anywhere, again! | News](https://curity.io/news/java-meetup-write-once/): On August 22nd, Curity will host a new Java Meetup together with Oracle, at their office on Söder Mälarstrand 29 in Stockholm. - [Curity Identity Server 3.0 Released | News](https://curity.io/news/curity-30-released/): This is our most featureful, documented, and performant release ever! 3.0 marks a tremendous step forward in terms of capabilities, standard… - [Curity Presents at the API conference in Texas | News](https://curity.io/news/curity-at-austin-api-summit/): Curity will be joining Nordic APIs event The Austin API Summit in Austin, Texas, on June 11-13th. - [Curity Initiates Long-term Collaboration with Verisec | News](https://curity.io/news/long-term-collaboration-with-verisec/): Curity and Verisec, the company behind the mobile e-ID service Freja eID, enters into a technical partnership. - [New Privacy Policy | News](https://curity.io/news/privacy-policy/): You may have heard about the new General Data Protection Regulation ("GDPR"), that comes into effect May 25, 2018. Our aim is to be as… - [Meet Curity at the API Conference in London | News](https://curity.io/news/curity-at-api-conference-in-london/): On April 11th – 13th Curity will be exhibiting at the API Conference which will be held at Business Design Centre in London. The CEO of… - [Curity Proposes a New IETF Standard to Secure SPAs | News](https://curity.io/news/curity-propose-new-ietf-standard/): At IETF 101 in London, we were presenting the recently suggested RFC to the OAuth working group that will allow developers to secure their… - [Meet Curity at the APIs for Banking and FinTech Event in Copenhagen | News](https://curity.io/news/curity-at-apis-for-banking-event-copenhagen/): On March 22nd, Curity will host a half-day workshop on OAuth and OpenID Connect at Nordic APIs and Copenhagen Fintech’s event APIs for… - [Curity is hosting a Java Meetup together with Computer Futures | News](https://curity.io/news/java-meetup-with-computer-futures/): Curity is the proud organizer behind the Stockholm Java User Group meetup. The next meetup will be hosted together with Computer Futures… - [Learn About Phantom Tokens at API Days in Paris | News](https://curity.io/news/learn-about-phantom-tokens-at-api-days-paris/): We are happy to be attending API Days in Paris on January 30th, where our CEO Travis Spencer will be holding a session on Secure Your APIs… - [The Curity Identity Server Is now OpenID Connect Certified | News](https://curity.io/news/curity-openid-certified/): We are very happy to announce that the Curity Identity Server is now OpenID Connect certified by the OpenID Foundation. Curity is a strong… - [Operate | Curity Identity Server](https://curity.io/resources/operate/): Resources providing insights on the deployment and operational aspects of API security and identity management - [Develop | Curity Identity Server](https://curity.io/resources/develop/): Browse articles on how to build and implement identity and API Security solutions. - [Architect | Curity Identity Server](https://curity.io/resources/architect/): Resources providing context, information and best practices for architecting and designing an identity system. - [Use Cases | Curity Identity Server](https://curity.io/resources/use-cases/): Examples of how you can organize and implement an identity management solution to get the most out of OAuth2 and OpenID Connect. - [Tutorials | Curity Identity Server](https://curity.io/resources/tutorials/): In the Tutorials section, you can find more detailed guides describing common scenarios using the Curity Identity Server. You can follow them step by step or use them as reference for common tasks. - [Security Architecture | Curity Identity Server](https://curity.io/resources/neo-security/): What is Neo-Security Architecture? Learn about the terms, concepts and building blocks for a security design. - [Security Architecture Best Practices | Curity Identity Server](https://curity.io/resources/security-architecture-best-practices/): How can you best implement the neo-security architecture? Learn about architecting APIs and identity to strengthen network and cloud security. - [Single Sign-On | Curity Identity Server](https://curity.io/resources/sso/): What is Single Sign-On, when is it needed, and how does it work? In these articles, Curity experts share insights on different aspects of SSO and best practices for implementation. - [Multi-Factor Authentication | Curity Identity Server](https://curity.io/resources/mfa/): An introduction to multi-factor authentication. Resources offering multi-factor examples and approaches. Learn how to authenticate users with an MFA solution. - [Claims & Scopes | Curity Identity Server](https://curity.io/resources/claims/): Learn how claims and scopes can be used for standards-based authorization. - [OpenID Connect | Curity Identity Server](https://curity.io/resources/openid-connect/): Explore the OpenID Connect authorization framework. Learn about OpenID Connect vs. OAuth, OpenID Connect Code Flow, Dynamic Client Registration, and more. - [OAuth 2.0 | Curity Identity Server](https://curity.io/resources/oauth/): Explore OAuth 2.0. What is it and how can you best implement it? - [API Security | Curity Identity Server](https://curity.io/resources/api-security/): Discover different aspects of API Security and learn best practice approaches. - [Client Security | Curity Identity Server](https://curity.io/resources/client-security/): Discover different aspects of client security and learn best practice approaches. - [Hypermedia Authentication API | Curity Identity Server](https://curity.io/resources/haapi/): Explore the Curity Hypermedia Authentication API - [Financial Grade | Curity Identity Server](https://curity.io/resources/financial-grade/): Guides on going beyond standard OAuth security and using financial grade options for the strongest security - [User Management | Curity Identity Server](https://curity.io/resources/user-management/): Leveraging the standardized SCIM interface for user management - [Operation and Configuration | Curity Identity Server](https://curity.io/resources/operation-and-configuration/): Designs for deploying and operating an identity server - [Decentralized Identities | Curity Identity Server](https://curity.io/resources/decentralized-identities/): A decentralized ecosystem for digital identification builds upon verifiable credentials and decentralized identifiers. In these articles, Curity experts share insights on different aspects of verifiable credentials and decentralized identities. - [Customer Identity and Access Management | Curity Identity Server](https://curity.io/resources/ciam/): Articles detailing the specifics of a Customer Identity and Access Management (CIAM) system, explaining how CIAM differs from traditional IAM and highlighting the key traits of a modern, secure CIAM solution. - [AI Agents Security | Curity Identity Server](https://curity.io/resources/aiagents/): Articles about security architectures, specifications, and concepts that are used when LLM-powered applications, AI agents, call APIs. - [Installation | Curity Identity Server](https://curity.io/resources/setup/): Installation and setup of the Curity Identity Server - [First Configuration | Curity Identity Server](https://curity.io/resources/first-config/): First Configuration when getting started with the Curity Identity Server - [Test configuration | Curity Identity Server](https://curity.io/resources/tryit/): Test and try your Curity Identity Server configuration. - [Getting Started Summary | Curity Identity Server](https://curity.io/resources/summary/): How to proceed after running the getting started tutorials - [Curity Token Handler | Curity Identity Server](https://curity.io/resources/tokenhandler-getting-started/): An overview of important concepts when getting started with the Curity Token Handler. - [Curity Concepts | Curity Identity Server](https://curity.io/resources/concepts-overview/): An overview of important concepts when getting started with the Curity Identity Server. - [Working with Authentication | Curity Identity Server](https://curity.io/resources/authentication/): Learn how to configure and implement various authenticators in the Curity Identity Server, such as Microsoft Entra ID, Google, WebAuth, Signicat, Apple, and more. - [Using Authentication Actions | Curity Identity Server](https://curity.io/resources/authentication-actions/): Learn how to use authentication actions to orchestrate the behavior of an authentication flow. They support among others MFA, storing, fetching and dynamically modifying user attributes, linking accounts or prompting users, e.g., to agree on the terms of services, and much more. - [OAuth & OpenID Connect Flows | Curity Identity Server](https://curity.io/resources/flows/): Learn how to work with OAuth and OpenID Connect in the Curity Identity Server. How to run code flow, implicit flow, hybrid flow, client credentials flow and more. - [Advanced OAuth & OpenID Connect | Curity Identity Server](https://curity.io/resources/advanced/): Learn how to configure the Curity Identity Server using advanced OAuth & OpenID Connect. - [Working with Tokens and Claims | Curity Identity Server](https://curity.io/resources/tokens-and-claims/): Learn how to customize tokens and take control over claims used for authorization in APIs - [Non-human Identities | Curity Identity Server](https://curity.io/resources/non-human-identities/): Learn how workloads can use strong client credentials during OAuth flows to establish trust, improve the client level of assurance, and enable the use of sender-constrained access tokens - [Decentralized Identity | Curity Identity Server](https://curity.io/resources/decentralized-identities-tutorials/): Learn how to integrate self-controlled identities, using decentralized identifiers and verifiable credentials as building blocks - [Deployment | Curity Identity Server](https://curity.io/resources/deploy/): Learn how to deploy the Curity Identity Server in Docker, Azure, AWS and more. - [Kubernetes | Curity Identity Server](https://curity.io/resources/kubernetes/): Learn how to deploy and operate the Curity Identity Server within a Kubernetes cluster. - [Configuration Management | Curity Identity Server](https://curity.io/resources/configuration/): Learn productive ways to manage security settings and crypto keys for a deployment pipeline, reliably and without duplication. - [Data Management | Curity Identity Server](https://curity.io/resources/data-management/): Learn ways to manage identity data, including user accounts, user credentials, sessions and tokens. - [Migrations | Curity Identity Server](https://curity.io/resources/migrations/): Learn how to migrate from other identity and access management systems to the Curity Identity Server. - [Administration | Curity Identity Server](https://curity.io/resources/administration/): Learn how to restrict access to the Curity Identity Server and implement administration use cases. - [Dashboard and API Access | Curity Identity Server](https://curity.io/resources/users/): Learn how to manage users and other identity resources, with built-in SCIM and GraphQL APIs. - [Branding and User Experience | Curity Identity Server](https://curity.io/resources/branding-user-experience/): Learn how to customize and brand user facing behaviors, using the Curity Identity Server. - [Logging and Monitoring | Curity Identity Server](https://curity.io/resources/logging-monitoring/): Learn how to monitor system behavior after deployment by configuring various loggings and alarms. - [Integrations | Curity Identity Server](https://curity.io/resources/integrations/): Learn how to securely integrate external systems with the Curity Identity Server. - [Writing Plugins Using Curity's Java SDK | Curity Identity Server](https://curity.io/resources/writing-plugins/): Learn how to write plugins using Curity's Java SDK to extend the Curity Identity Server capabilities. - [API Gateway Integration - Phantom Token | Curity Identity Server](https://curity.io/resources/phantom-token-integration/): Learn how to integrate an API Gateway with the Curity Identity Server leveraging the Phantom Token Pattern. - [API Gateway Integration - Split Token | Curity Identity Server](https://curity.io/resources/split-token-integration/): Learn how to integrate an API Gateway with the Curity Identity Server leveraging the Split Token Pattern. - [API Gateway Integration - OAuth Proxy | Curity Identity Server](https://curity.io/resources/oauth-proxy-integration/): Learn how to use an API Gateway plugin as the web entry point for APIs, and implement browser security checks. - [API Gateway Integration - Advanced | Curity Identity Server](https://curity.io/resources/api-gateway-advanced/): Learn about advanced API Gateway integrations with the Curity Identity Server. - [Web Applications | Curity Identity Server](https://curity.io/resources/web-applications/): Learn how to integrate various styles of web application with the endpoints of the Curity Identity Server - [Hypermedia Authentication API Configuration | Curity Identity Server](https://curity.io/resources/haapi-setup/): Introductory hypermedia authentication API concepts, with background on the initial setup and required settings in the Curity Identity Server - [Instructions on Integrating HAAPI Flows into Mobile Apps | Curity](https://curity.io/resources/haapi-ui-sdk/): Step by step guides to secure your mobile apps, then customize the important behaviors. - [Secure your APIs with our code examples | Curity Identity Server](https://curity.io/resources/writing-apis/): Our code examples help you strengthen API security using common languages or frameworks. For example, learn how to authorize requests based on OAuth tokens such as JWTs. - [How to write Single Page Applications using OAuth | Curity Identity Server](https://curity.io/resources/writing-spas/): Code examples for creating OAuth clients for Single Page Applications, the token handler pattern, OAuth Agent, Assisted Token Flow and more. - [How to create OAuth clients for websites | Curity Identity Server](https://curity.io/resources/writing-websites/): Code examples on how to secure your web applications using OAuth and OpenID Connect. - [OpenID Connect Clients for Mobile Apps | Curity](https://curity.io/resources/writing-mobileapps/): Code examples for setting up OpenID Connect Clients for mobile apps, using App OAuth library for iOS or Android, HAAPI SDK and more. - [Use OAuth to secure API access from AI agents. | Curity Identity Server](https://curity.io/resources/securing-ai-agents/): Code examples to show how to securely integrate AI agents with APIs, using interoperable security. - [Event Listener Plugins | Curity Identity Server](https://curity.io/resources/plugins-event-listeners/): Find examples of event listeners plugins, such as Amazon SQS, Apigee Token Publisher, Apigee Split Token Publisher, AWS Split Token and more. - [Authentication Action Plugins | Curity Identity Server](https://curity.io/resources/plugins-authentication-actions/): Find examples of authentication actions plugins, such as debug attribute actions, redirect actions, send email actions, time-based authentication actions and more. - [Authenticator Plugins | Curity Identity Server](https://curity.io/resources/plugins-authenticators/): Learn how to enable authenticator plugins that can be integrated with the Curity Identity Server as a way of authenticating users. - [Claims Providers for the Curity Identity Server | Curity Identity Server](https://curity.io/resources/plugins-claims-providers/): Find examples of claims provider plugins as a way of enabling applications to trust user attributes. - [Data source plugins for the Curity Identity Server | Curity Identity Server](https://curity.io/resources/plugins-data-access/): Find examples of data source plugins such as RESTful data access, PBKDF2 credential data access and MongoDB data acess. - [Emailer plugins for the Curity Identity Server | Curity Identity Server](https://curity.io/resources/plugins-emailers/): Find examples of plugins for emailers such as Twiilio SendGrid Emailer Plugin. - [SMS Senders Plugins for the Curity Identity Server | Curity Identity Server](https://curity.io/resources/plugins-sms-senders/): Find examples of SMS sender plugins such as RESTful SMS Sender plugin and Tele2 SMS Plugin. - [How to Integrate Alarm Handlers | Curity Identity Server](https://curity.io/resources/plugins-alarm-handlers/): Code examples for alarm handler plugins. integrate with Cloud Monitoring Systems. - [Consentor Plugins for the Curity Identity Server | Curity Identity Server](https://curity.io/resources/plugins-consentors/): Find examples of generic and signing consentors and learn how to perform certain tasks. Download code example from GitHub. - [Authorization Manager Plugins | Curity Identity Server](https://curity.io/resources/plugins-authorization-managers/): Example implementations of Authorization Managers for DCR and User Management endpoints. - [Token Procedure Plugins | Curity Identity Server](https://curity.io/resources/plugins-token-procedures/): Example implementations of Token Procedure plugins. Examples of procedures that alter responses from the token endpoint in different OAuth and OpenID Connect flows. - [Integration With Identity Providers | Curity Identity Server](https://curity.io/resources/external-idps/): Tutorials for integrating the Curity Identity Server with any existing Identity Provider. - [Session 7: OAuth for Mobile Applications | Courses](https://curity.io/resources/courses/getting-started-with-oauth-and-openid-connect/oauth-for-mobile-applications/): When using OAuth in mobile applications it's important to follow the best practices. The applications is considered to be a public client that cannot hold a secret, so how do we secure the requests? We will also discuss how to turn a public client into a confidential client using Dynamic Client Registration. - [Building an Identity Architecture | Courses](https://curity.io/resources/courses/building-an-identity-architecture/introduction-to-neo-security/): In the first session, we will introduce you to the concept of Neo-security and then take a closer look at the three pain parts of the systems that adhere to it: - [API Integration Patterns | Courses](https://curity.io/resources/courses/building-an-identity-architecture/api-integration-patterns/): In this part, we will look at API integration patterns and how to properly secure your APIs in the Neo-security architecture. We will talk about: - [API Integration Patterns (continued) | Courses](https://curity.io/resources/courses/building-an-identity-architecture/api-integration-patterns-continued/): In the third part of the Building an Identity Architecture course, we continue learning about the different API integration patterns. We will take a closer look at: - [Identities and Access Management | Courses](https://curity.io/resources/courses/building-an-identity-architecture/identities-and-access-management/): In the fourth and last part of the Building an Identity Architecture course, we examine identities and access management, the details of authentication. In the session, we share: - [Session 1 - Deployment Essentials | Courses](https://curity.io/resources/courses/deploying-the-curity-identity-server/deployment-essentials/): This session introduces the essential concepts of the Curity Identity Server. Topics covered are: - [Session 2 - Deployment Concepts | Courses](https://curity.io/resources/courses/deploying-the-curity-identity-server/deployment-concepts/): This session explains deployment concepts of the Curity Identity Server that enable simple or complex setups. Topics covered are: - [Session 1: Overview and Requirements | Courses](https://curity.io/resources/courses/api-security-and-authorization/overview-and-requirements/): In this first session, we will walk through an overview of authorization and look at the different stakeholders that define the requirements for authorization. - [Session 2: Techniques | Courses](https://curity.io/resources/courses/api-security-and-authorization/techniques/): In this second session, we focus on the techniques of authorization: the use of claims, authorization in layers, how to externalize it to an entitlement management system, and more. - [OAuth Libraries | Curity Identity Server](https://curity.io/resources/guides/libraries/): Recommended OAuth libraries for secure authentication and use of tokens - [API | Guides](https://curity.io/resources/guides/api/): What technology are you using for your API? - [OAuth Libraries for APIs | Curity Identity Server](https://curity.io/resources/guides/libraries/api/): Recommended OAuth libraries for protecting data in APIs, using JWTs, claims and scopes - [How to secure a Spring Security API | Guides](https://curity.io/resources/guides/api/spring/): Guides showing how to use OAuth security features with Spring Security, to protect data using JWTs, claims and scopes - [How to secure a Java API | Guides](https://curity.io/resources/guides/api/java/): Guides showing how to use OAuth security features in Java, to protect data using JWTs, claims and scopes - [How to secure a Kotlin API | Guides](https://curity.io/resources/guides/api/kotlin/): Guides showing how to use OAuth security features in Kotlin, to protect data using JWTs, claims and scopes - [How to secure a .NET API | Guides](https://curity.io/resources/guides/api/netcore/): Guides showing how to use OAuth security features in .NET and C#, to protect data using JWTs, claims and scopes - [How to secure a Node.js API | Guides](https://curity.io/resources/guides/api/nodejs/): Guides showing how to use OAuth security features in Node.js, to protect data using JWTs, claims and scopes - [How to secure a Python API | Guides](https://curity.io/resources/guides/api/python/): Guides showing how to use OAuth security features in Python, to protect data using JWTs, claims and scopes - [How to secure a Symfony API | Guides](https://curity.io/resources/guides/api/symfony/): Guides showing how to use OAuth security features in PHP and Symfony, to protect data using JWTs, claims and scopes - [How to secure a Go API | Guides](https://curity.io/resources/guides/api/go/): Guides showing how to use OAuth security features in Go, to protect data using JWTs, claims and scopes - [How to secure an API | Guides](https://curity.io/resources/guides/api/other/): Resources explaining general concepts of securing APIs using access tokens, claims and scopes. These concepts can be used with any technology of choice to implement API security. Take a look at the technology specific sections to find code examples showing concrete implementations. - [Single Page Application | Guides](https://curity.io/resources/guides/spa/): What technology are you using for your Single Page Application? - [OAuth Libraries for Single Page Applications | Curity Identity Server](https://curity.io/resources/guides/libraries/spa/): Recommended OAuth libraries for protecting SPAs, to enable secure authentication and API access - [How to secure a Javascript Single Page Application | Guides](https://curity.io/resources/guides/spa/javascript/): Guides showing how to use OAuth security features in a generic SPA, to enable secure authentication and API calls - [How to secure a React Single Page Application | Guides](https://curity.io/resources/guides/spa/react/): Guides showing how to use OAuth security features in a React SPA, to enable secure authentication and API calls - [How to secure an Angular Single Page Application | Guides](https://curity.io/resources/guides/spa/angular/): Guides showing how to use OAuth security features in an Angular SPA, to enable secure authentication and API calls - [How to secure a Single Page Application | Guides](https://curity.io/resources/guides/spa/other/): Resources explaining general concepts of securing a Single Page Application (SPA). These concepts can be used with any technology of choice to implement security for a SPA. Take a look at the technology specific sections to find code examples showing concrete implementations. - [Website | Guides](https://curity.io/resources/guides/website/): What technology are you using for your Website? - [OAuth Libraries for Websites | Curity Identity Server](https://curity.io/resources/guides/libraries/website/): Recommended OAuth libraries for protecting Websites, to enable secure authentication and API access - [How to secure a Spring website | Guides](https://curity.io/resources/guides/website/spring/): Guides showing how to use OAuth security features in a Spring website, to enable secure authentication and API calls - [How to secure a Java website | Guides](https://curity.io/resources/guides/website/java/): Guides showing how to use OAuth security features in a Java website, to enable secure authentication and API calls - [How to secure a .NET website | Guides](https://curity.io/resources/guides/website/netcore/): Guides showing how to use OAuth security features in a .NET website, to enable secure authentication and API calls - [How to secure a Node.js website | Guides](https://curity.io/resources/guides/website/nodejs/): Guides showing how to use OAuth security features in a Node.js website, to enable secure authentication and API calls - [How to secure a Python website | Guides](https://curity.io/resources/guides/website/python/): Guides showing how to use OAuth security features in a Python website, to enable secure authentication and API calls - [How to secure a website | Guides](https://curity.io/resources/guides/website/other/): Resources explaining general concepts of securing websites using access tokens, claims and scopes. These concepts can be used with any technology of choice to implement website security. Take a look at the technology specific sections to find code examples showing concrete implementations. - [Mobile App | Guides](https://curity.io/resources/guides/mobile/): What technology are you using for your Mobile App? - [OAuth Libraries for Mobile Apps | Curity Identity Server](https://curity.io/resources/guides/libraries/mobile/): Recommended OAuth libraries for protecting Mobile Apps, to enable secure authentication and API access - [How to secure a Swift Mobile App | Guides](https://curity.io/resources/guides/mobile/swift/): Guides showing how to use OAuth security features in a Swift iOS app, to enable secure authentication and API calls - [How to secure a Kotlin Mobile App | Guides](https://curity.io/resources/guides/mobile/kotlin/): Guides showing how to use OAuth security features in a Kotlin Android app, to enable secure authentication and API calls - [How to secure a React Native Mobile App | Guides](https://curity.io/resources/guides/mobile/reactnative/): Guides showing how to use OAuth security features in a React Native app, to enable secure authentication and API calls - [How to secure a Mobile App | Guides](https://curity.io/resources/guides/mobile/other/): Resources explaining general concepts of securing mobile apps using access tokens, claims and scopes. These concepts can be used with any technology of choice to implement mobile app security. Take a look at the technology specific sections to find code examples showing concrete implementations. - [API Gateway Integration | Guides](https://curity.io/resources/guides/apigateway/): What technology are you using for your API Gateway Integration? - [How to secure access to APIs using NGINX | Guides](https://curity.io/resources/guides/apigateway/nginx/): Guides showing how to use the NGINX reverse proxy and OAuth design patterns to secure access to APIs - [How to secure access to APIs using Kong Gateway | Guides](https://curity.io/resources/guides/apigateway/kong/): Guides showing how to use the Kong API Gateway and OAuth design patterns to secure access to APIs - [How to secure access to APIs using AWS API Gateway | Guides](https://curity.io/resources/guides/apigateway/aws/): Guides showing how to use the AWS API Gateway and OAuth design patterns to secure access to APIs - [How to secure access to APIs using Azure API Management | Guides](https://curity.io/resources/guides/apigateway/azure/): Guides showing how to use Azure API Management and OAuth design patterns to secure access to APIs - [How to secure access to APIs using Apigee Edge | Guides](https://curity.io/resources/guides/apigateway/apigee/): Guides showing how to use the Apigee Edge platform and OAuth design patterns to secure access to APIs - [How to secure access to APIs using using Cloudflare Gateway | Guides](https://curity.io/resources/guides/apigateway/cloudflare/): Guides showing how to use Cloudflare Gateway and OAuth design patterns to secure access to APIs - [How to secure access to APIs using Broadcom CA Layer7 API Gateway | Guides](https://curity.io/resources/guides/apigateway/layer7/): Guides showing how to use the Broadcom CA Layer7 API Gateway and OAuth design patterns to secure access to APIs - [Tyk API Gateway | Guides](https://curity.io/resources/guides/apigateway/tyk/): Resources describing how to use the Tyk API Gateway to supply access tokens to APIs - [Zuplo API Gateway | Guides](https://curity.io/resources/guides/apigateway/zuplo/): Resources describing how to use the Zuplo API Gateway to supply access tokens to APIs - [Mulesoft API Gateway | Guides](https://curity.io/resources/guides/apigateway/mulesoft/): Resources describing how to use the Mulesoft API Gateway to supply access tokens to APIs - [IBM API Connect | Guides](https://curity.io/resources/guides/apigateway/ibm/): Resources describing how to use IBM API Connect to supply access tokens to APIs - [Other API Gateways | Guides](https://curity.io/resources/guides/apigateway/other/): Resources relevant to integration with API Gateways in general. The vendor specific integrations are not the only gateways/reverse proxies that integration is possible with. The resources listed here provide details that are relevant to integrate the Curity Identity Server with other vendors. - [Design AI for Enterprises | Curity Identity Server](https://curity.io/resources/learn/ai-for-enterprises/): A thought process for enterprises to plan ahead on AI initiatives and meet cross-team requirements. - [Design MCP Authorization to Securely Expose APIs | Curity](https://curity.io/resources/learn/design-mcp-authorization-apis/): Learn how organizations can extend the reach of APIs and restrict access to sensitive data. - [How to Access APIs From an AI Agent in a Secure Way | Curity Identity Server](https://curity.io/resources/learn/api-access-across-trust-domains/): Secure API access from AI agents that cross trust boundaries: requirements, examples and advices. Secure your AI agents by federating identity and authorization across trust domains. - [Design MCP Authorization to Securely Expose APIs | Curity](https://curity.io/resources/learn/mcp-authorization-lifecycle/): Learn about the security standards and endpoints to enable MCP clients to safely access sensitive data. - [8 API Security Best Practices For AI Agents | Curity Identity Server](https://curity.io/resources/learn/api-security-best-practice-for-ai-agents/): Secure APIs with OAuth, scopes, and claims. Learn API security best practices for safe, fine-grained authorization in AI integrations. - [Establish Trust for AI Agents at Runtime | Curity Identity Server](https://curity.io/resources/learn/dynamic-trust-for-ai-agents/): AI agents need to be able to establish trust at runtime to securely integrate with other services on demand. Read up on how to dynamically establish trust for AI agents. - [Browserless OAuth | Curity Identity Server](https://curity.io/resources/learn/browserless-oauth-ai-agents/): OAuth commonly relies on the browser for user interactions and authentication. This behavior can create friction in the user experience. This is where browserless OAuth comes in. - [API Security Maturity Model: Identity-Centric Approach | Curity](https://curity.io/resources/learn/the-api-security-maturity-model/): There is a spectrum of API security implementations, and not all of them are equal. The model describes API security in ever-increasing levels of trust, complexity, and efficiency. - [API Security Best Practices | Curity](https://curity.io/resources/learn/api-security-best-practices/): Learn API security best practices to safeguard your digital assets with effective authentication, authorization, and token management techniques. - [Managing Identities in a Kubernetes Environment | Curity](https://curity.io/resources/learn/identity-in-a-k8s-environment/): This article describes some architectural concepts for providing identity data to APIs and applications in a Kubernetes environment. - [OWASP Top 10 API Security Vulnerabilities | Curity](https://curity.io/resources/learn/owasp-top-ten/): A write-up of the top API security vulnerabilities according to OWASP and mitigating approaches. - [Split Token Approach: Enhancing API Token Security | Curity](https://curity.io/resources/learn/split-token-pattern/): The Split Token Approach, applicable for any OAuth 2.0 ecosystem, aims to improve your tokens' security. - [Securing APIs with The Phantom Token Approach | Curity](https://curity.io/resources/learn/phantom-token-pattern/): Adopt the Phantom Token Approach:a privacy-preserving token usage pattern for securing APIs and microservices. - [JWT Security Best Practices:Checklist for APIs | Curity](https://curity.io/resources/learn/jwt-best-practices/): JWT security best practices for apps: how to use access tokens safely, choose algorithms, validate JWTs correctly, and avoid common mistakes. - [Implementing Zero Trust APIs | Curity](https://curity.io/resources/learn/implementing-zero-trust-apis/): A summary of the main best practices when implementing a zero trust architecture to secure APIs, using OAuth 2.0 and OpenID Connect - [Self-contained JWTs | Curity](https://curity.io/resources/learn/self-contained-jwts/): Design patterns to allow JWTs to be validated using extended header fields and Public Key Infrastructure. - [Key Approaches to Token Sharing | Curity](https://curity.io/resources/learn/token-sharing/): Learn about the different ways in which access tokens can be shared. - [Workload Identities and API Security | Curity](https://curity.io/resources/learn/workload-identities/): An introduction to workload identities and their role in API security. - [Impersonation Approaches with OAuth and OpenID Connect | Curity](https://curity.io/resources/learn/impersonation-flow-approaches/): How to handle impersonation and delegation with OAuth and OpenID Connect to enable a subject to act as a different subject. - [Easy Guide to JWT Signatures Using EdDSA | Curity](https://curity.io/resources/learn/jwt-signatures/): This article explains how signatures work in JWTs in general and provides a detailed example based on the EdDSA algorithm - [Zero Trust API Events | Curity](https://curity.io/resources/learn/zero-trust-api-events/): Flowing user identity in event messages, to enable verification and auditing when asynchronous processes resume - [What's Customer Identity and Access Management, and Why Does it Matter | Curity](https://curity.io/resources/learn/ciam-overview/): Understand the main principles and benefits of customer identity and access management, and find out how it can be used by different industries. - [CIAM vs IAM: What's the Difference? | Curity](https://curity.io/resources/learn/iam-vs-ciam/): Explores the difference between CIAM and IAM, as well as the common security requirements and behaviors needed for digital solutions. - [How Customer Identity Access Management Protects Data | Curity](https://curity.io/resources/learn/how-ciam-protects-data/): Understand how organizations can leverage CIAM systems to better protect their user's data. - [How CIAM Secures API Access to Business Data | Curity](https://curity.io/resources/learn/ciam-api-security/): Understand how Customer Identity and Access Management serves APIs to enable the correct access to business data. - [What’s Partner IAM (PIAM) in a B2B Context? | Curity](https://curity.io/resources/learn/piam-overview/): Understand the main principles and benefits of Partner Identity and Access Management, and find out how it can solve various business-to-business use cases. - [What Are Scopes and Claims? A Short Overview | Curity](https://curity.io/resources/learn/scopes-vs-claims/): In OAuth and OpenID Connect, scopes and claims are common concepts. This article looks at the main differences between the two. - [What Are Claims and How Are They Used? | Curity](https://curity.io/resources/learn/what-are-claims-and-how-they-are-used/): When designing a token-based architecture, it's vital to know how identity data is handled in the system. Learn how Claims are used during authentication. - [What Are Scopes and How Do They Relate to Claims? | Curity](https://curity.io/resources/learn/scopes-and-how-they-relate-to-claims/): Learn what scopes are, their role in authorization, and how to handle them properly as well as the difference between OAuth scopes and OpenID Connect scopes. - [Using Claims in APIs | Curity Identity Server](https://curity.io/resources/learn/using-claims-in-apis/): Learn how to create a claims-based architecture for APIs and microservices. - [Designing Claims | Claims Explained](https://curity.io/resources/learn/scopes-claims-tokens-and-all-the-things-in-between/): This article provides an overview of the claims ontology. Scopes, claims, tokens and how they are related in the authentication system. - [Scopes, Claims and the Client | Curity Identity Server](https://curity.io/resources/learn/scopes-claims-and-the-client/): This article breaks down the different aspects of claims and scopes from a client perspective. We discuss tokens and claims, requesting and receiving claims. - [How to Centralize Identity Data Using Claims | Curity](https://curity.io/resources/learn/centralizing-identity-data/): An enterprise has many clients that require data of a user's identity. How can the claims infrastructure be used to sustain all parts of an organization? - [What is a Claims Authority? | Curity](https://curity.io/resources/learn/what-is-a-claims-authority/): A brief overview of what a claims authority is and what role it plays in the process of issuing claims. - [Selective Disclosure for JWTs (SD-JWT) | Curity Identity Server](https://curity.io/resources/learn/selective-disclosure-jwt/): Selective disclosure is the ability to select which data within a signed document to disclose to a counterpart compared to sharing all data at once. This article describes SD-JWT, a format that allows for selectively disclosing parts of a signed JWT. - [The Relationship between Consent and Claims | Curity](https://curity.io/resources/learn/the-relationship-between-consent-and-claims/): Learn how consent relates to claims in the authorization process. - [How to Use Default Scopes and Default Claims | Curity](https://curity.io/resources/learn/default-scopes/): Discover how to use the default scope with a set of default claims. - [Using Vectors of Trust in Identity Providers | Curity](https://curity.io/resources/learn/vectors-of-trust/): Vectors of Trust is a specification that provides a method for describing an identity transaction to determine a level of trust. - [OAuth Scopes Best Practices | Curity](https://curity.io/resources/learn/scope-best-practices/): Best practices for designing OAuth scopes in real world systems and managing them at scale. Discover how to perform API Authorization using Scopes. - [Claims Best Practices | Curity](https://curity.io/resources/learn/claims-best-practices/): Best practices for implementing claims. Learn how to issue custom claims step by step. - [Using OAuth for Single Page Applications | Best Practices](https://curity.io/resources/learn/spa-best-practices/): Single Page Applications (SPAs) are different from regular web applications, requiring further security measures. Learn how to use OAuth to secure SPAs. - [Mitigate XSS in OAuth Browser Apps | Best Practices | Curity](https://curity.io/resources/learn/oauth-xss-prevention/): Mitigate XSS threats in OAuth-secured Browser Based Apps - [Using OAuth and Cookies in Browser Based Apps | Best Practices | Curity](https://curity.io/resources/learn/oauth-cookie-best-practices/): Best practices for using web cookies and authorization server cookies securely and reliably - [OAuth for Mobile Apps - Best Practices | Curity](https://curity.io/resources/learn/oauth-for-mobile-apps-best-practices/): Best practices to harden security when integrating OAuth into mobile applications. - [Token Handler Design Overview | Curity Identity Server](https://curity.io/resources/learn/token-handler-overview/): A design overview of the key behavior when using the token handler pattern - [Token Handler Deployment Patterns | Curity Identity Server](https://curity.io/resources/learn/token-handler-deployment-patterns/): Design patterns for deploying an API-driven backend for front-end Single Page Applications - [The Nonce Authenticator Pattern | Curity](https://curity.io/resources/learn/nonce-authenticator-pattern/): An additional option to ensure your desired Single Sign-On behavior - [How to Handle Unsolicited SAML Responses with OAuth | Curity Identity Server](https://curity.io/resources/learn/unsolicited-saml/): Struggling with IdP-initiated SAML in OAuth? Learn solutions to handle unsolicited SAML responses, fix PKCE challenges, and secure OAuth 2.0 apps. - [Alarm Integration Plug-in | Curity Identity Server](https://curity.io/resources/learn/alarm-integration-plugin/): A plugin to integrate Curity Alarms with Cloud Monitoring Systems - [Choose Account Authentication Action | Curity Identity Server](https://curity.io/resources/learn/choose-account/): An Authentication Action that allows the user to choose which SSO session they want to log in with. - [Debug Attribute Authentication Action | Curity Identity Server](https://curity.io/resources/learn/debug-attribute/): An Authentication Action that can be used to view attributes during Authentication. - [Redirect Action Example | Curity Identity Server](https://curity.io/resources/learn/redirect-action-example/): An authentication action plugin example, which redirects the user to another page to complete the authentication flow. - [Send Email Action Example | Curity Identity Server](https://curity.io/resources/learn/send-email-action/): An Authenticator Action example which sends email to the user. - [Time Based Deny Authentication Action | Curity Identity Server](https://curity.io/resources/learn/time-based-deny-authentication-action/): Two plugins for time based Actions in the Authentication flow. - [Kong Dev Portal User Provisioner | Curity Identity Server](https://curity.io/resources/learn/provision-kong-dev-portal-user/): An Authentication Action that automates the provisioning of a user to the Kong Dev Portal. - [Azure API Management User Provisioner | Curity Identity Server](https://curity.io/resources/learn/provision-azure-api-management-user/): An Authentication Action that automates the provisioning of a user to the Azure API Management Portal. - [Microblink BlinkID Authentication Action | Curity Identity Server](https://curity.io/resources/learn/blink-id-scan-action/): An Authentication Action example which scans a users ID document for identity proofing. - [iProov Authentication Action | Curity Identity Server](https://curity.io/resources/learn/iproov-action/): An Authentication Action example which scans a user’s face for identity proofing. - [Bitbucket Authenticator | Curity Identity Server](https://curity.io/resources/learn/bitbucket-authenticator/): Bitbucket authenticator plugin example. - [Box Authenticator | Curity Identity Server](https://curity.io/resources/learn/box-authenticator/): An authenticator that uses Box to authenticate users. - [Idura Authenticator | Curity Identity Server](https://curity.io/resources/learn/idura-authenticator/): An authenticator that uses the Idura service to facilitate login using different eID solutions (e.g., the Swedish BankID). - [Dropbox Authenticator | Curity Identity Server](https://curity.io/resources/learn/dropbox-authenticator/): Dropbox authenticator plugin example. - [Entrust Authenticator | Curity Identity Server](https://curity.io/resources/learn/entrust-authenticator/): An authenticator that allows an integration of the Curity Identity Server with the Entrust IDaaS. - [Freja eID Authenticator | Curity Identity Server](https://curity.io/resources/learn/freja-authenticator/): An authenticator that uses the Freja eID signing service to do authentication. - [GitHub Authenticator | Curity Identity Server](https://curity.io/resources/learn/github-authenticator/): GitHub authenticator plugin example. - [Instagram Authenticator | Curity Identity Server](https://curity.io/resources/learn/instagram-authenticator/): An authenticator that uses Instagram to log users in. - [LinkedIn Authenticator | Curity Identity Server](https://curity.io/resources/learn/linkedin-authenticator/): An authenticator that uses LinkedIn to authenticate users. - [Nonce Authenticator | Curity Identity Server](https://curity.io/resources/learn/nonce-authenticator/): An authenticator that enables SSO navigation from a source to a target application, when SSO cookies cannot be used - [reCAPTCHA Authenticator | Curity Identity Server](https://curity.io/resources/learn/recaptcha-authenticator/): Google reCAPTCHA v2 authenticator plugin example. - [Salesforce Authenticator | Curity Identity Server](https://curity.io/resources/learn/salesforce-authenticator/): Salesforce authenticator plugin example. - [Slack Authenticator | Curity Identity Server](https://curity.io/resources/learn/slack-authenticator/): Slack authenticator plugin example. - [StackExchange Authenticator | Curity Identity Server](https://curity.io/resources/learn/stackexchange-authenticator/): An authenticator that uses StackExchange, including StackOverflow, to log users in. - [Twitter Authenticator | Curity Identity Server](https://curity.io/resources/learn/twitter-authenticator/): An authenticator that uses Twitter to authenticate users. - [Username Password Authenticator | Curity Identity Server](https://curity.io/resources/learn/codeexamples-username-password-authenticator/): A Username Password authenticator plug-in example. - [Windows Live Authenticator | Curity Identity Server](https://curity.io/resources/learn/windows-live-authenticator/): An authenticator that uses Windows Live to authenticate users. - [XACML Authorization Manager | Curity Identity Server](https://curity.io/resources/learn/xacml-authorization-manager/): Implementing a XACML Authorization Manager - [Open Policy Agent Authorization Manager | Curity](https://curity.io/resources/learn/opa-authorization-manager/): Implementing an Open Policy Agent (OPA) Authorization Manager - [AuthZEN Authorization Manager | Curity Identity Server](https://curity.io/resources/learn/authzen-authorization-manager/): Implementing an AuthZEN Authorization Manager - [Salesforce Claims Provider | Curity Identity Server](https://curity.io/resources/learn/salesforce-claims-provider/): A claims value provider that fetches values from Salesforce. - [Example Generic Consentor | Curity Identity Server](https://curity.io/resources/learn/example-generic-consentor/): This project provides an example of a Generic Consentor plugin for Curity Identity Server. - [PBKDF2 Credential Data Access Plugin | Curity Identity Server](https://curity.io/resources/learn/pbkdf2/): A data source plugin that serves to verify credentials hashed with PBKDF2 - [RESTful Data Access Plugin | Curity Identity Server](https://curity.io/resources/learn/restful-data-access/): A data source plugin that communicates with a RESTful Json backend as data source. - [RESTful Emailer Plug-in | Curity Identity Server](https://curity.io/resources/learn/restful-emailer/): Emailer plugin that uses a REST service to send emails. - [Twilio SendGrid Emailer Plugin | Curity Identity Server](https://curity.io/resources/learn/sendgrid-emailer/): Emailer plugin that uses the Twilio SendGrid Email API to send emails. - [Amazon SQS Event Listener | Curity Identity Server](https://curity.io/resources/learn/amazon-sqs/): An event listener that publishes Curity events to Amazon SQS. - [Apigee Token Publisher Event Listener | Curity Identity Server](https://curity.io/resources/learn/apigee-edge-token-publisher/): An event listener that publishes token data to Apigee for later verification in an API proxy. - [Apigee Split Token Publisher Event Listener | Curity Identity Server](https://curity.io/resources/learn/apigee-split-token-publisher/): An event listener that publishes token data to Apigee using a split token approach. - [AWS Split Token Publisher Event Listener | Curity Identity Server](https://curity.io/resources/learn/aws-token-publisher/): An event listener that publishes token data to AWS DynamoDB using a split token approach. - [Client Authentication Attempt Counter | Curity Identity Server](https://curity.io/resources/learn/client-authentication-attempt-counter/): An example event listener plugin keeping track of client authentication attempts. - [Cloudflare Token Publisher Event Listener | Curity Identity Server](https://curity.io/resources/learn/cloudflare-token-publisher/): An event listener that publishes token data to Cloudflare using a split token approach. - [RESTful SMS Sender Plugin | Curity Identity Server](https://curity.io/resources/learn/restful-sender/): An SMS Sender that posts a json message to a backend SMS service. - [Tele2 SMS Plugin | Curity Identity Server](https://curity.io/resources/learn/tele2-sms/): Send OTP text messages through the Tele2 service. - [Long-Lived Tokens on Refresh Procedure Plugin | Curity Identity Server](https://curity.io/resources/learn/long-lived-tokens-on-refresh/): A token procedure plugin example that adds features to the token refresh flow. It can also be used as an example of writing token procedure plugins. - [Exchange Opaque Token to JWT | Curity Identity Server](https://curity.io/resources/learn/token-exchange-opaque-to-jwt/): An example of how to implement a Token Exchange (RFC 8693) plugin. In this example an opaque token is exchanged into a JWT. - [OpenID AuthZEN Token Procedure | Curity Identity Server](https://curity.io/resources/learn/authzen-token-procedure/): A Token Procedure example using an AuthZEN PDP to determine if tokens should be issued - [Token Exchange With External IdP | Curity Identity Server](https://curity.io/resources/learn/external-idp-token-exchange/): An example of how to implement Token Exchange with external IdP issued JWTs. - [Implement MCP Authorization | Curity Identity Server](https://curity.io/resources/learn/implementing-mcp-authorization-apis/): Develop an OAuth-secured MCP server and integrate AI agents with human approval and a controlled level of access - [Backend Agent with A2A Authorization | Curity Identity Server](https://curity.io/resources/learn/backend-agent-a2a-authorization/): Manage user identities with minimal coding from your team. Curity Identity Server handles the complexities of the leading identity and security standards, making them easier to use, customize and deploy. - [Secure an OpenAI ChatGPT App | Curity Identity Server](https://curity.io/resources/learn/chatgpt-widget-haapi/): Use the Hypermedia Authentication API to implement step-up authentication with an integrated user experience - [Securing a Spring Boot API with JWTs | Curity Identity Server](https://curity.io/resources/learn/spring-boot-api/): How to secure your Spring boot API with JWT validation - [Securing a Java API with JWTs | Curity Identity Server](https://curity.io/resources/learn/oauth-filter-for-java/): A sample API that integrates the Curity OAuth Java Servlet Filter to authenticate and authorize requests. - [Securing a Kotlin API with JWTs | Curity Identity Server](https://curity.io/resources/learn/kotlin-api/): A simple API to demonstrate how to integrate a security library and manage JWTs - [Securing a .NET API with JWTs | Curity Identity Server](https://curity.io/resources/learn/dotnet-api/): How to secure your .NET API with JSON Web Tokens - [Securing a Node.js Express API with JWTs | Curity Identity Server](https://curity.io/resources/learn/express-jwt/): A Node.js express library for securing endpoints with JWTs together with an example app. - [Securing a Python Flask API with JWTs | Curity Identity Server](https://curity.io/resources/learn/oauth-filter-for-python-flask/): A filter that can be used to secure python flask APIs. - [Securing a Go API With JWTs | Curity Identity Server](https://curity.io/resources/learn/go-api/): How to secure your Go API with JSON Web Tokens - [Securing a Symfony API with JWTs | Curity Identity Server](https://curity.io/resources/learn/symfony-api/): How to secure your Symfony API with Json Web Tokens - [Securing a Serverless API with JWTs | Curity Identity Server](https://curity.io/resources/learn/serverless-zero-trust-api/): An example of a Serverless API that validates JWTs on every lambda function call - [Securing a Serverless API on Vercel using JWTs | Curity Identity Server](https://curity.io/resources/learn/serverless-zero-trust-api-on-vercel/): Example of a JWT protected serverless API running on Vercel - [API Access via JWT Assertions | Curity Identity Server](https://curity.io/resources/learn/api-jwt-assertions/): Designing APIs whose clients must authenticate with strong security via client assertions - [Mutual TLS Secured API | Curity Identity Server](https://curity.io/resources/learn/mutual-tls-api/): How to implement client certificate based security in a B2B API - [Securing API Events using JWTs | Curity Identity Server](https://curity.io/resources/learn/securing-api-events-using-jwts/): Secure and reliable event based messaging with Apache Kafka and the Curity Identity Server - [Testing Zero Trust APIs | Curity Identity Server](https://curity.io/resources/learn/testing-zero-trust-apis/): How to reduce infrastructure when writing integration tests against OAuth secured APIs - [Kotlin Android App using AppAuth | Curity Identity Server](https://curity.io/resources/learn/kotlin-android-appauth/): How to implement OpenID Connect using the AppAuth library for Android. - [Kotlin Android App using HAAPI | Curity Identity Server](https://curity.io/resources/learn/kotlin-android-haapi/): How to implement a Kotlin Android App using the HAAPI UI SDK. - [Swift iOS App using AppAuth | Curity Identity Server](https://curity.io/resources/learn/swift-ios-appauth/): How to implement OpenID Connect using the AppAuth library for iOS. - [Swift iOS App using HAAPI | Curity Identity Server](https://curity.io/resources/learn/swift-ios-haapi/): How to implement a Swift iOS App using the HAAPI SDK. - [React Native App using HAAPI | Curity Identity Server](https://curity.io/resources/learn/reactnative-haapi/): How to secure a React Native Android App using the React Native HAAPI module. - [Mobile Dynamic Client Registration | Curity Identity Server](https://curity.io/resources/learn/authenticated-dcr-example/): How to implement authenticated DCR in an iOS or Android app - [OAuth Mobile Web SSO | Curity Identity Server](https://curity.io/resources/learn/mobile-web-sso/): How to achieve SSO when navigating from a mobile app to a web view or browser - [Mobile Setup with ngrok | Curity Identity Server](https://curity.io/resources/learn/mobile-setup-ngrok/): How to run mobile code examples and connect from devices to the Curity Identity Server - [Token Handler Deployment Example | Curity Identity Server](https://curity.io/resources/learn/token-handler-deployment-example/): Details of how the code example and its token handler is deployed - [SPA using Token Handler | Curity Identity Server](https://curity.io/resources/learn/token-handler-spa-example/): An example showing how to use token handler components to harden your SPA security - [Javascript SPA using Assisted Token Flow | Curity Identity Server](https://curity.io/resources/learn/javascript-assisted-token-sample/): An example that uses the assisted token flow in a simple Javascript app. - [Javascript SPA using OAuth Assistant Library | Curity Identity Server](https://curity.io/resources/learn/oauth-assistant/): How to use the Curity OAuth Assistant available on npm in a Single Page Application - [Javascript SPA using Code Flow + PKCE | Curity Identity Server](https://curity.io/resources/learn/javascript-pkce-client/): A simple Javascript SPA sample using the code flow with PKCE - [React SPA using Assisted Token Flow | Curity Identity Server](https://curity.io/resources/learn/react-assisted-token-website/): An example that uses the assisted token flow in a React JS app. - [Angular SPA using Assisted Token Flow | Curity Identity Server](https://curity.io/resources/learn/angular-assisted-token-website/): An example that uses the assisted token flow in an Angular app. - [Hypermedia Authentication API React Demo | Curity Identity Server](https://curity.io/resources/learn/react-haapi-demo/): A React demo application using the Hypermedia Authentication API - [OpenID Connect Client with Spring Security | Curity Identity Server](https://curity.io/resources/learn/oidc-spring-boot/): How to secure your Spring application with Oauth/OpenID Connect - [How to Implement OpenID Connect in .NET | Curity](https://curity.io/resources/learn/dotnet-openid-connect-website/): A website example in .NET that illustrates how to integrate with OpenID Connect. - [OpenID Connect Client with .NET Framework | Curity Identity Server](https://curity.io/resources/learn/dotnetframework-openid-connect-client/): A website example in the .NET Framework, to show how to integrate with OpenID Connect. - [OpenID Connect Client with Python | Curity Identity Server](https://curity.io/resources/learn/python-openid-connect-client/): A website example in Python that illustrates how to integrate with OpenID Connect. - [OpenID Connect Client with Node.js Express | Curity Identity Server](https://curity.io/resources/learn/oidc-node-express/): How to secure your Express application with OAuth/OpenID Connect - [OpenID Connect Client with Java Undertow | Curity Identity Server](https://curity.io/resources/learn/oidc-java-undertow-pac4j/): How to secure your Java application with OAuth/OpenID Connect - [MITREid Connect Client Library | Curity Identity Server](https://curity.io/resources/learn/mitreid-connect/): MITREid Connect is an open source OpenID Connect Implementation in java for the Spring Framework, with a client library implemented as a servlet filter. - [OpenID Connect Client with Encrypted ID Tokens | Curity Identity Server](https://curity.io/resources/learn/website-using-encrypted-id-tokens/): How to use encrypted ID tokens in a website - [OpenID Connect Client with Mutual TLS Client Authentication | Curity](https://curity.io/resources/learn/oidc-spring-boot-mtls-auth/): An example showing how to setup an OIDC client with Spring Boot that authenticates with a client certificate. - [SAML 2.0 Website | Curity Identity Server](https://curity.io/resources/learn/saml-website/): An example website that uses SAML 2.0 to integrate with the Curity Identity Server - [Overview of Decentralized Identities | Curity Identity Server](https://curity.io/resources/learn/overview-of-decentralized-identities/): Verifiable credentials are essentially a piece of cryptographic data that asserts information about a subject. They are part of a bigger identity ecosystem with several building blocks where decentralization plays an important role. - [Decentralized Identifiers (DIDs) Explained | Curity Identity Server](https://curity.io/resources/learn/decentralized-identifiers/): Decentralized Identifiers are globally unique, persistent and resolvable identifiers that support cryptographic verification of ownership without relying on any central registration authority. - [Verifiable Credentials Explained | Curity Identity Server](https://curity.io/resources/learn/verifiable-credentials/): An in-depth description of Verifiable Credentials and their data models. - [Issue Verifiable Credentials using OpenID4VC | Curity Identity Server](https://curity.io/resources/learn/verifiable-credentials-issuance/): How an issuing organization can issue verifiable credentials within the context of an OAuth flow - [Using Curity Identity Server to handle PSD2 | Curity Identity Server](https://curity.io/resources/learn/curity-and-psd2/): How can the Curity Identity Server help with PSD2 - [What is Financial-Grade Security? | Curity](https://curity.io/resources/learn/what-is-financial-grade/): This article explains what financial-grade is, and offers the best practices to deal with the main financial-grade security concerns. - [What Is PSD2, and How Does It Work? | Curity](https://curity.io/resources/learn/what-is-psd2/): A brief summary of PSD2 and the security requirements and goals to comply with its regulations. - [What is Open Banking? | Curity Identity Server](https://curity.io/resources/learn/what-is-open-banking/): What is Open Banking, and what are the security requirements to implement Open Banking solutions? - [How to Implement Financial-Grade Security | Curity](https://curity.io/resources/learn/implement-financial-grade/): Overview of the different OAuth 2.0 and OpenID Connect standards and best practices for implementing financial-grade security. - [App2App Mobile Architecture | Curity Identity Server](https://curity.io/resources/learn/app2app-architecture/): An architectural summary of the App2App authentication flow and how it can be used in an Open Banking setting. - [Consentors in Financial-Grade | Curity Identity Server](https://curity.io/resources/learn/consentors-in-financial-grade/): A guide for using consentors to meet financial-grade requirements. - [Curity Identity Server Concepts Overview | Curity Identity Server](https://curity.io/resources/learn/concepts-overview/): An overview of Curity components and main conceptual areas. - [Open Banking Brazil DCR Request Validation | Curity](https://curity.io/resources/learn/obb-dcr-validation/): This article describes how to perform advanced validation of a Dynamic Client Registration request to comply with the requirements of Open Banking Brazil specifications. - [Authentication Concepts | Curity Identity Server](https://curity.io/resources/learn/concepts-authentication/): A summary of the most important system concepts. - [Token Concepts | Curity Identity Server](https://curity.io/resources/learn/concepts-tokens/): A summary of the most important authorization concepts. - [Data Concepts | Curity Identity Server](https://curity.io/resources/learn/concepts-data/): An overview of the types of data manged by the Curity Identity Server. - [Availability Concepts | Curity Identity Server](https://curity.io/resources/learn/concepts-availability/): An overview of how the system is designed to support high availability. - [Deployment Concepts | Curity Identity Server](https://curity.io/resources/learn/concepts-deployment/): An overview guide on customizable deployments. - [Configure an Authenticator | Curity Identity Server](https://curity.io/resources/learn/username-password-authenticator/): Learn how to configure a username password authenticator (html-form) that uses a database with credentials. - [First Configuration | Curity Identity Server](https://curity.io/resources/learn/first-config/): Once Curity has been installed, it is time to configure it for the first time. - [Configure a Client | Curity Identity Server](https://curity.io/resources/learn/configure-client/): Step-by-step guide on how to configure a client in the Curity Identity Server - [Install using Docker | Curity Identity Server](https://curity.io/resources/learn/run-curity-docker/): This tutorial takes you through the steps needed to run the Curity Identity Server in Docker - [Install Locally | Curity Identity Server](https://curity.io/resources/learn/install-curity/): This tutorial takes you through the installation process and first boot of the Curity Identity Server - [Install using Helm | Curity Identity Server](https://curity.io/resources/learn/install-helm-chart/): How to use Helm chart to install the Curity Identity Server. - [Install on Azure | Curity Identity Server](https://curity.io/resources/learn/install-on-azure/): This tutorial takes you through the steps needed to install Curity Identity Server on Azure - [Install using Google Cloud Platform | Curity Identity Server](https://curity.io/resources/learn/install-on-gcp/): How to deploy the Curity Identity Server on GCP with a Helm Chart. - [Install on AWS (AMI) | Curity Identity Server](https://curity.io/resources/learn/run-curity-aws/): This tutorial takes you through the steps needed to run the Curity Identity Server in AWS as a single instance. - [Summary | Curity Identity Server](https://curity.io/resources/learn/getting-started-summary/): With the Curity Identity Server deployed, configured and tested, what comes next? - [Token Handler First Configuration | Curity Identity Server](https://curity.io/resources/learn/token-handler-first-configuration/): Configure the Curity token handler settings to enable cookie handling endpoints for SPAs. - [Token Handler Installation | Curity Identity Server](https://curity.io/resources/learn/token-handler-getting-started/): Install the Curity token handler that will act as a Backend for Frontend (BFF) for a single page application. - [Integrate the Token Handler with an API Gateway | Curity Identity Server](https://curity.io/resources/learn/token-handler-integrate-gateway/): Deploy the OAuth Agent and OAuth Proxy using API Gateway public URLs that the SPA calls. - [Token Handler Summary | Curity Identity Server](https://curity.io/resources/learn/token-handler-summary/): Further details after integrating an SPA with the token handler. - [Integrate your SPA with the Token Handler | Curity Identity Server](https://curity.io/resources/learn/token-handler-integrate-spa/): A summary of how to integrate an SPA's code with token handler API endpoints to implement cookie security. - [Test using OAuth Tools | Curity Identity Server](https://curity.io/resources/learn/test-using-oauth-tools/): Test your Curity deployment using OAuth Tools - [Test using OAuth Assistant | Curity Identity Server](https://curity.io/resources/learn/test-using-oauth-assistant/): Test your Curity deployment using OAuth Assistant - [Test using cURL | Curity Identity Server](https://curity.io/resources/learn/test-using-curl/): Test your Curity deployment using cURL - [What is Hypermedia Authentication API | Curity Identity Server](https://curity.io/resources/learn/what-is-hypermedia-authentication-api/): An overview of the Hypermedia Authentication API, which enables a secure and flexible authentication process, is fulfilled without a browser. - [Mobile Attestation Fallback | Curity Identity Server](https://curity.io/resources/learn/mobile-fallback-attestation/): How to deal with client attestation issues when using the Hypermedia Authentication API. - [Using AD for Admin UI Users | Curity Identity Server](https://curity.io/resources/learn/use-ad-for-admin-users/): How to configure Curity to use AD for Admin users to log in to the admin UI. - [Federated Login to the Admin UI | Curity Identity Server](https://curity.io/resources/learn/federated-login-to-admin-ui/): How to configure Federated or Multi-Factor Login to the Admin UI. - [DevOps Dashboard Overview | Curity Identity Server](https://curity.io/resources/learn/devops-dashboard/): The role of the DevOps dashboard in the Curity Identity Server - [Token Signing Key Rotation | Curity Identity Server](https://curity.io/resources/learn/token-signing-key-rotation/): How to quickly and safely update the token signing key, for JWTs issued to your applications - [User Self-Service Portal | Curity Identity Server](https://curity.io/resources/learn/user-self-service-portal/): How to activate a portal application where users can administer their account - [Curity Access Control Rules | Curity Identity Server](https://curity.io/resources/learn/admin-access-rules/): Access control rules and how to configure them using the admin UI - [Authorization Rules for the RESTCONF API | Curity Identity Server](https://curity.io/resources/learn/access-rules-in-restconf/): How to setup authorization rules for configuration access through RESTCONF - [Configuring Redirect URI Policies | Curity Identity Server](https://curity.io/resources/learn/redirect-uri-policies/): How-to work with Redirect URI Policies so that clients can use dynamic redirect URIs in OAuth flows. - [How to Use DKIM to Avoid Email Spoofing | Curity](https://curity.io/resources/learn/dkim/): Enable DKIM to avoid email spoofing - [Endpoints and their URLs | Curity Identity Server](https://curity.io/resources/learn/endpoints/): The specifics of Endpoints in the Curity Identity Server - [Non-Templatized Dynamic Client Registration | Curity Identity Server](https://curity.io/resources/learn/non-templatized-dcr/): A tutorial on how to setup non-templatized DCR using Curity - [Integrating PKCS#11-based High Security Modules | Curity Identity Server](https://curity.io/resources/learn/yubihsm-integration/): Tutorial describing how to integrate PKCS#11-based HSMs like YubiHSM with the Curity Identity Server - [Configuring Proof Key for Code Exchange | Curity Identity Server](https://curity.io/resources/learn/pkce/): How to use PKCE with a code flow client - [Templatized Dynamic Client Registration | Curity Identity Server](https://curity.io/resources/learn/templatized-dcr/): A tutorial on how to setup templatized DCR using Curity - [Custom DCR Request Validation | Curity Identity Server](https://curity.io/resources/learn/dcr-validation-in-pre-processing-procedure/): Learn how to use a pre-processing procedure to validate an incoming DCR request and enforce compliance. - [Using Pairwise Pseudonymous Identifiers | Curity Identity Server](https://curity.io/resources/learn/ppid/): In this tutorial, we explain how to configure pairwise pseudonymous identifiers (PPIDs) to increase privacy - [Including Entitlement Information in Introspection Results | Curity](https://curity.io/resources/learn/oauth-entitlements-in-introspection/): Including Entitlement Information in Introspection Results - [JWT Assertions | Curity Identity Server](https://curity.io/resources/learn/jwt-assertion/): A tutorial that seeks to clarify how to achieve Client and User Authentication using JWTs - [OAuth Authorization with JWT Authorization Requests | Curity](https://curity.io/resources/learn/jar-tutorial/): How to configure the Curity Identity Server to use JAR with signed or encrypted JWTs. - [Consuming Responses with JARM | Curity](https://curity.io/resources/learn/jarm-tutorial/): How to use JWT Security Authorization Response Mode (JARM) to properly consume responses from an Authorization Server. - [Using Pushed Authorization Requests | Curity Identity Server](https://curity.io/resources/learn/par-tutorial/): How to configure the Curity Identity Server to use Pushed Authorization Requests (PAR) to initialize an authorization flow. - [Running a CIBA Flow | Curity Identity Server](https://curity.io/resources/learn/ciba-tutorial/): How to configure the Curity Identity Server to run a CIBA flow. - [Using SAN to Authenticate an OAuth Client | Curity](https://curity.io/resources/learn/san-in-mtls/): Using Subject Alternative Names to authenticate a client in a mutual TLS connection. - [Dynamic User Routing with NGINX | Curity Identity Server](https://curity.io/resources/learn/nginx-user-routing-plugin/): How to implement a dynamic routing plugin for the NGINX reverse proxy - [Dynamic User Routing with Cloudflare Gateway | Curity Identity Server](https://curity.io/resources/learn/cloudflare-dynamic-user-routing/): Learn how to set up Cloudflare CDN Gateway and the Curity Identity Server to dynamically route users to proper regions in a multi-region scenario. - [Dynamic User Routing with Kong Open Source | Curity Identity Server](https://curity.io/resources/learn/kong-user-routing-plugin/): How to implement a dynamic routing plugin for the Kong Open Source API Gateway - [Dynamic User Routing with Cloud Platforms | Curity Identity Server](https://curity.io/resources/learn/cloud-user-routing/): How to implement dynamic user routing using cloud provider features - [Open Banking Brazil DCR Request Validation in Nginx | Curity](https://curity.io/resources/learn/nginx-obb-dcr-validation/): Provide an example on how to validate a DCR request in nginx to comply with the Open Banking Brazil Specification - [API Authorization using Open Policy Agent and Kong | Curity Identity Server](https://curity.io/resources/learn/curity-opa-kong-api/): How can the Curity Identity Server and Open Policy Agent be deployed together with the Kong API gateway to achieve robust API Authentication and Authorization? - [Authentication capabilities in the Curity Identity Server | Curity](https://curity.io/resources/learn/authentication-overview/): Overview of authentication capabilities when using the Curity Identity Server. - [WebAuthn Authenticator | Curity Identity Server](https://curity.io/resources/learn/webauthn-authenticator/): How to configure and use the WebAuthn authenticator. - [Using Passkeys for Strong Passwordless MFA Authentication | Curity](https://curity.io/resources/learn/passkeys-authenticator/): Using passkeys to implement strong multi-factor passwordless authentication - [Multi-Factor Authentication With Google Authenticator | Curity](https://curity.io/resources/learn/authenticate-with-google-authenticator/): Google Authenticator is a popular app for two-factor authentication. Here's how to configure it in Curity Identity Server. - [Handling Expired Sessions During Authentication | Curity Identity Server](https://curity.io/resources/learn/application-url/): How to use the Application URL configuration to bootstrap an authentication session - [Manage User Account Lockout | Curity Identity Server](https://curity.io/resources/learn/user-account-lockout/): How to configure centralized user account lockout. - [Preregister Devices in a WebAuthn Authenticator | Curity Identity Server](https://curity.io/resources/learn/preregister-devices-in-webauthn-authenticator/): How to preregister a cross-platform device for a WebAuthn authenticator. - [Geo-Location Authenticator Filter | Curity Identity Server](https://curity.io/resources/learn/geolocation-authenticator-filter/): How to set up a geo-location filter to limit the authenticators presented to a user. - [Authentication Actions Concepts | Curity Identity Server](https://curity.io/resources/learn/control-authentication-using-actions/): The role of authentication actions in the Curity Identity Server - [Multi-Factor Authentication Using Actions | Curity Identity Server](https://curity.io/resources/learn/add-authentication-action/): Learn to use authentication actions to control multi-factor authentication - [Opt-in Multi-Factor Authentication | Curity Identity Server](https://curity.io/resources/learn/optin-mfa-howto/): How to configure Opt-in MFA in the Curity Identity Server - [Scripted Attribute Transformation | Curity Identity Server](https://curity.io/resources/learn/scripted-attribute-transformation/): Use a Script Authentication Action to transform attributes - [Authentication Actions Data Example | Curity Identity Server](https://curity.io/resources/learn/authentication-actions-example/): A data driven example to show how to take full control over authentication logic - [Action Bundles | Curity Identity Server](https://curity.io/resources/learn/action-bundles/): Learn how to use Action Bundles to organize authentication actions - [Account Creation after Login | Curity Identity Server](https://curity.io/resources/learn/account-creation-after-login/): How to automatically create an account when the user first signs in, and bypass registration - [Account Linking with Social Identity Providers | Curity](https://curity.io/resources/learn/account-linking-with-social/): How to configure the Curity Identity Server to handle account linking using social Identity Providers such as Google, Facebook, LinkedIn, Twitter, Instagram, etc. - [Migrating to Passkeys | Curity Identity Server](https://curity.io/resources/learn/migrating-to-passwordless/): How to enable users to update in an opt-in manner their primary authentication factor to a passwordless solution that uses passkeys. - [Fallback to local authentication method if primary method is unavailable | Curity](https://curity.io/resources/learn/authentication-fallback/): Learn how to configure the Curity Identity Server to use an alternate authentication method if the authentication service of the primary method is unavailable - [Look and Feel Customization Overview | Curity Identity Server](https://curity.io/resources/learn/managing-custom-login-screens/): An overview of behavior when customizing login screens - [Fast Look and Feel Customization with the Admin UI | Curity Identity Server](https://curity.io/resources/learn/customize-look-and-feel-simple/): Controlling the Look and Feel of the Curity Identity Server - [Extended Look and Feel Customization | Curity Identity Server](https://curity.io/resources/learn/customize-look-and-feel/): Advanced Control over the Look and Feel of the Curity Identity Server - [Creating Multi-Brand Login Screens | Curity Identity Server](https://curity.io/resources/learn/customize-recipe-multi-brand/): Example steps for creating distinct branded login screens per client application - [Creating a Branded Login Screen | Curity Identity Server](https://curity.io/resources/learn/customize-recipe-basic-brand/): Example steps for creating a branded login screen - [Creating Branded Login Emails | Curity Identity Server](https://curity.io/resources/learn/customize-recipe-emails/): Example steps for customizing the look and feel of email messages - [How to Customize Password Validation | Curity Identity Server](https://curity.io/resources/learn/customize-password-validation/): Learn how to validate passwords in the backend and override the existing progress bar in the frontend. - [Customizing User Consent | Curity Identity Server](https://curity.io/resources/learn/consent/): Customizing the look and feel of user consent to provide an understandable user experience - [Reach a Global Audience with Right-to-Left Language Support | Curity](https://curity.io/resources/learn/right-to-left-kanguage-support/): Increase accessibility and improve usability with Curity's support for right-to-left languages like Arabic and Hebrew. - [Configuration Overview | Curity Identity Server](https://curity.io/resources/learn/configuration-overview/): An overview of the configuration system of the Curity Identity Server. - [Learn How to Import and Export Configurations | Curity](https://curity.io/resources/learn/import-export-config/): Different options for importing and exporting the configuration of the Curity Identity Server - [Configure Deployed Environments | Curity Identity Server](https://curity.io/resources/learn/configure-deployed-environments/): Get started configuring the Curity Identity Server for your deployed environments. - [Introduction to the CLI | Curity Identity Server](https://curity.io/resources/learn/intro-to-cli/): This article gives a brief overview of the CLI and provides some examples. - [Keys, Certificates and Trust Stores | Curity Identity Server](https://curity.io/resources/learn/curity-crypto/): An introduction on the different keys, certificates and trust stores used in the Curity Identity Server - [Automate Certificate Renewal | Curity Identity Server](https://curity.io/resources/learn/auto-certificate-renewal/): Learn how to use the CLI to automatically renew a certificate. - [Configuration as Code | Curity Identity Server](https://curity.io/resources/learn/gitops-configuration-management/): How to work with split and parameterized configuration, and use automation to manage changes to configuration - [Data Management Overview | Curity Identity Server](https://curity.io/resources/learn/data-overview/): An overview of data management options with the Curity Identity Server - [Get Started with Identity Data | Curity Identity Server](https://curity.io/resources/learn/get-started-identity-data/): Get connected with the identity schema of the Curity Identity Server - [Get Connected to SQL Data Sources | Curity Identity Server](https://curity.io/resources/learn/using-sql-data-sources/): Integrate with SQL data sources like PostgreSQL, Microsoft SQL Server and Oracle. - [Upgrade Data Sources | Curity Identity Server](https://curity.io/resources/learn/upgrade-data-sources/): Use the database upgrade reliability features of the Curity Identity Server to keep the schema up to date - [Get Connected to NoSQL Data Sources | Curity Identity Server](https://curity.io/resources/learn/using-nosql-data-sources/): Use MongoDB or DynamoDB as data sources for the Curity Identity Server - [Multi-Region Dynamic User Routing | Curity Identity Server](https://curity.io/resources/learn/implementing-dynamic-user-routing/): An end-to-end how-to for dynamically routing OAuth requests to specific regions via a reverse proxy. - [Running in a Multi-Tenant Architecture | Curity](https://curity.io/resources/learn/curity-multitenancy/): The concepts of different levels of separation to achieve a multi-tenant architecture with the Curity Identity Server - [Verifiable Credentials in Action - A UX Tutorial | Curity Identity Server](https://curity.io/resources/learn/use-verifiable-credentials/): Interactively follow the user experience of retrieving and presenting a verifiable credential. - [Verifiable Credentials in Wallets | Curity Identity Server](https://curity.io/resources/learn/use-verifiable-credentials-with-demo-wallet/): How to use a digital wallet to receive and present verifiable credentials - [Issue a Verifiable Credential | Curity Identity Server](https://curity.io/resources/learn/configure-verifiable-credential-issuance/): How to configure the Curity Identity Server and issue a verifiable credential - [Verifiable Credentials Issuance with Pre-authorized Code | Curity](https://curity.io/resources/learn/pre-authorized-code/): How-to configure the Curity Identity Server to use the pre-authorized code flow in the issuance of a verifiable credential. - [Docker Container Customization | Curity Identity Server](https://curity.io/resources/learn/customizing-the-curity-docker-container/): How to customize the Curity Identity Server Docker container - [Exposing the Curity Identity Server Using ngrok | Curity Identity Server](https://curity.io/resources/learn/expose-local-curity-ngrok/): Learn how to expose your local Curity Identity Server installation using ngrok. - [Running in Cluster Mode | Curity Identity Server](https://curity.io/resources/learn/intro-to-cluster/): Learn more about the cluster mode in the Curity Identity Server. - [Testing the Curity Identity Server | Curity Identity Server](https://curity.io/resources/learn/testing-an-instance-of-curity/): How to create end-to-end testing of an instance of the Curity Identity Server. - [Clustering with Docker Compose | Curity Identity Server](https://curity.io/resources/learn/clustering-using-docker-compose/): How to set up Curity with multiple nodes, using Docker Compose. - [AWS Deployment Overview | Curity Identity Server](https://curity.io/resources/learn/deploy-on-aws/): How can the Curity Identity Server be deployed on AWS? - [Install on AWS using CloudFormation | Curity Identity Server](https://curity.io/resources/learn/clustering-using-aws-cloudformation/): This tutorial takes you through the steps needed to run a Curity Identity Server Cluster in AWS using the CloudFormation template. - [Install on AWS using the CDK | Curity Identity Server](https://curity.io/resources/learn/install-using-aws-cdk/): How to run a CloudFormation based deployment of the Curity Identity Server, with modern developer experience benefits - [Azure Deployment Overview | Curity Identity Server](https://curity.io/resources/learn/how-to-deploy-on-azure/): How can the Curity Identity Server be deployed on Azure? - [Upgrade Best Practices | Curity Identity Server](https://curity.io/resources/learn/upgrade-best-practices/): How to frequently and reliably upgrade the Curity Identity Server - [Integration With Identity Providers Overview | Curity Identity Server](https://curity.io/resources/learn/external-idps-overview/): Overview of the section on integration with external identity providers. - [Authenticate Using Microsoft Entra ID | Curity Identity Server](https://curity.io/resources/learn/oicd-authenticator-azure/): How to use Microsoft Entra ID as an identity provider for the Curity Identity Server. - [Authenticate Using Okta | Curity Identity Server](https://curity.io/resources/learn/okta-external-idp/): How to use Okta accounts for user authentication using OpenID Connect - [Beyond Identity Integration Using OIDC Authenticator | Curity](https://curity.io/resources/learn/beyondidentity-integration/): How to configure the OIDC Authenticator with Beyond Identity - [Authenticate Using Sign in With Apple | Curity Identity Server](https://curity.io/resources/learn/sign-in-with-apple/): How to use Apple as an authenticator and then use Apple user attributes as claims - [Authenticate using Signicat | Curity Identity Server](https://curity.io/resources/learn/oidc-signicat/): How to authenticate using the eIDs of Signicat. - [Integrating with BankID v6 | Curity Identity Server](https://curity.io/resources/learn/integrating-with-bankid-v6/): How to use the latest security improvements in the BankID v6 Web Service API - [SITHS Authentication With AD Attributes | Curity](https://curity.io/resources/learn/SITHS-authentication/): How to resolve attributes from Active Directory when using SITHS smart card authentication - [Norwegian BankID Integration Using the OIDC Authenticator | Curity](https://curity.io/resources/learn/norwegian-bankid/): How to configure the OIDC Authenticator for use with Norwegian BankID - [Using the Dynamic Authenticator | Curity Identity Server](https://curity.io/resources/learn/dynamic-authenticator/): What is the Dynamic Authenticator and how to use it in the Curity Identity Server. - [Integrating with SAML Identity Providers | Curity Identity Server](https://curity.io/resources/learn/connecting-to-saml-idp/): How to integrate the Curity Identity Server's SAML2 authenticator with an external SAML Identity Provider - [How to Use Microsoft Entra ID For Credential Verification | Curity](https://curity.io/resources/learn/use-azure-ad-for-credential-verification/): How to configure the Curity Identity Server to leverage Microsoft Entra ID with secure LDAP for credential verification. - [Code Flow | Curity Identity Server](https://curity.io/resources/learn/code-flow/): This tutorial explains how to obtain an OAuth access token using the code flow, a popular message exchange pattern used by server-based applications. The guide includes step by step instructions for how to set it up and configure it in the Curity Identity Server. - [Implicit Flow | Curity Identity Server](https://curity.io/resources/learn/implicit-flow/): Using the OAuth 2.0 Implicit Flow - [Hybrid Flow | Curity Identity Server](https://curity.io/resources/learn/hybrid-flow/): This tutorial explains how to obtain an OAuth access token using the hybrid flow. The guide includes step by step instructions for how to set it up and configure it in the Curity Identity Server. - [Client Credentials Flow | Curity Identity Server](https://curity.io/resources/learn/client-credentials/): OAuth has a flow called client credentials, that comes in handy when there are requests to your APIs that are not involving a user. Using the Client Credentials flow, it's possible to let servers communicate with your API without modifying the APIs themselves. - [Refresh Tokens | Curity Identity Server](https://curity.io/resources/learn/refresh-tokens/): This tutorial explains how to issue Refresh Tokens in the Curity Identity Server, control their lifetime, include/exclude them for certain clients, and use them to get new access tokens - [Resource Owner Password Flow | Curity Identity Server](https://curity.io/resources/learn/ropc/): This tutorial explains how to use the Resource Owner Password Credential Flow (ROPC) to obtain tokens from the Curity Identity Server. - [Revoking OAuth Tokens | Curity Identity Server](https://curity.io/resources/learn/revoke/): Learn how to revoke access and refresh tokens issued according to the OAuth standard - [User Consent | Curity Identity Server](https://curity.io/resources/learn/user-consent/): Handling user consent for claims - [Device Authorization Grant | Curity Identity Server](https://curity.io/resources/learn/device-flow/): The OAuth 2.0 Device Authorization Grant solves the problem of authenticating a user on a device that does not have user friendly input capabilities. Authentication instead takes place out-of-band on a different device. - [Web Client Setup for the Hypermedia Authentication API | Curity](https://curity.io/resources/learn/api-driven-demo-client/): How to run and modify the Javascript demo client. - [Android SDK for the Authentication API | Curity](https://curity.io/resources/learn/authentication-api-android-sdk/): A tutorial of the android client setup for the Hypermedia Authentication API in the Curity Identity Server. - [iOS SDK for the Authentication API | Curity](https://curity.io/resources/learn/authentication-api-ios-sdk/): How to configure an iOS client for the Hypermedia Authentication API in the Curity Identity Server. - [How to Configure Native Passkeys for Mobile Logins | Curity](https://curity.io/resources/learn/mobile-logins-using-native-passkeys/): How to use passkeys for mobile logins in browserless mode, in an OAuth code flow - [Android Integration of the HAAPI Mobile UI SDK | Curity Identity Server](https://curity.io/resources/learn/haapi-mobile-android-integration/): Quickly integrate OAuth or OpenID Connect authentication into an Android app - [iOS Integration of the HAAPI Mobile UI SDK | Curity Identity Server](https://curity.io/resources/learn/haapi-mobile-ios-integration/): Quickly integrate OAuth or OpenID Connect authentication into an iOS app - [HAAPI Mobile Username Password Flows | Curity Identity Server](https://curity.io/resources/learn/haapi-mobile-username-password-flows/): The default look and feel when using the HAAPI UI SDK for password based flows - [HAAPI Mobile Advanced Authentication Flows | Curity Identity Server](https://curity.io/resources/learn/haapi-mobile-advanced-authentication-flows/): Advanced native and browser flows when using the HAAPI UI SDK to implement advanced authentication flows - [Look and Feel Customization for Android HAAPI Mobile Apps | Curity](https://curity.io/resources/learn/haapi-mobile-android-customization/): Customize the Android mobile login look and feel when using the HAAPI UI SDK - [Look and Feel Customization for iOS HAAPI Mobile Apps | Curity](https://curity.io/resources/learn/haapi-mobile-ios-customization/): Customize the iOS mobile login look and feel when using the HAAPI UI SDK - [App2App Logins using BankID | Curity](https://curity.io/resources/learn/app2app-via-hypermedia/): Tutorial demonstrating browserless App2App authentication using the Hypermedia Authentication API - [HAAPI Mobile Security Lifecycle | Curity Identity Server](https://curity.io/resources/learn/haapi-mobile-security-lifecycle/): Key points about the end-to-end security lifecycle, when using the HAAPI UI SDK - [Advanced Login Customizations for HAAPI Mobile Apps | Curity](https://curity.io/resources/learn/haapi-mobile-advanced-customization/): Take control over login behavior using SDK extensibility features - [Implementing HAAPI Attestation Fallback | Curity Identity Server](https://curity.io/resources/learn/implementing-haapi-fallback/): Using the HAAPI UI SDK with devices that do not support signing key attestation - [Integrating with the Apache mod_auth_openidc module | Curity](https://curity.io/resources/learn/apache-mod-auth-openidc/): How to configure and leverage the Apache mod_auth_openidc with The Curity Identity Server - [Curity Identity Server as an IdP in Salesforce | Curity](https://curity.io/resources/learn/salesforce/): Tutorial for configuring and using the Curity Identity Server as external IDP in Salesforce. - [Curity Identity Server as an IdP in Cloudflare | Curity](https://curity.io/resources/learn/idp-in-cloudflare/): Tutorial for configuring and using the Curity Identity Server as external IDP in Cloudflare. - [Integrating with Microsoft Entra ID | Curity Identity Server](https://curity.io/resources/learn/azuread-integration/): Step-by-step instructions on how to use the Curity Identity Server as an Identity Provider for Microsoft Entra ID, - [Setting up OpenID Connect in MuleSoft Anypoint | Curity Identity Server](https://curity.io/resources/learn/mulesoft-anypoint/): Tutorial for setting up MuleSoft Anypoint with the Curity Identity Server for user authentication via OpenID Connect. - [Integrating with Tyk Developer Portal | Curity Identity Server](https://curity.io/resources/learn/integration-tyk/): How to integrate the Tyk Developer Portal with the Curity Identity Server using DCR - [Integrating with the Kong Developer Portal | Curity](https://curity.io/resources/learn/kong-dev-portal/): Tutorial for setting up the Kong Developer Portal to use the Curity Identity Server for user authentication via OpenID Connect. - [Integrating with the Jetty "openid" module | Curity Identity Server](https://curity.io/resources/learn/jetty-opeind-module/): How to configure and leverage the Jetty "openid" module with the Curity Identity Server. - [Configure Deployments using Helm | Curity Identity Server](https://curity.io/resources/learn/configure-deployments-using-helm/): Use configuration to drive the behavior of Kubernetes deployments - [Expose OAuth Endpoints from Kubernetes | Curity Identity Server](https://curity.io/resources/learn/kubernetes-ingress/): How to host the Curity Identity Server behind an API gateway in Kubernetes - [Use Kubernetes Data Storage | Curity Identity Server](https://curity.io/resources/learn/kubernetes-data-storage/): Integrate with Kubernetes Storage Volumes - [Use Kubernetes API Gateway Plugins | Curity Identity Server](https://curity.io/resources/learn/integrating-plugins-with-kubernetes-ingress/): Learn how to run plugins in a Kubernetes AP Gateway - [Deploy to Google Kubernetes Engine (GKE) | Curity Identity Server](https://curity.io/resources/learn/kubernetes-gke-idsvr-kong-phantom/): How to deploy the Curity Identity Server to Google Kubernetes Engine using Kong or NGINX as the Ingress Controller. - [Deploy to Elastic Kubernetes Service (EKS) | Curity Identity Server](https://curity.io/resources/learn/kubernetes-aws-eks-idsvr-deployment/): How to deploy the Curity Identity Server to AWS Elastic Kubernetes Service. - [Encrypted Configuration using Helm | Curity Identity Server](https://curity.io/resources/learn/using-helm-chart-with-config/): How to manage the Curity Identity Server config and cluster key when using Helm - [Deploy to Azure Kubernetes Service (AKS) | Curity Identity Server](https://curity.io/resources/learn/kubernetes-azure-aks-idsvr-deployment/): How to deploy the Curity Identity Server to Azure Kubernetes Service - [Kubernetes Auto Scaling | Curity Identity Server](https://curity.io/resources/learn/kubernetes-autoscaling/): Configuring auto-scaling of the Curity Identity Server nodes in a Kubernetes cluster. - [Configuration Backups and Logging using Helm | Curity Identity Server](https://curity.io/resources/learn/run-cluster-helm/): Clustering the Curity Identity Server using Helm. How to configure configuration backup and logging. - [Access DynamoDB with IAM Role for Service Accounts | Curity](https://curity.io/resources/learn/kubernetes-eks-dynamo-access-irsa/): How to set up DynamoDB access using IAM Role for service accounts. - [Logging and Monitoring Overview | Curity Identity Server](https://curity.io/resources/learn/logging-monitoring-overview/): A summary of the main reliability behaviors of the Curity Identity Server - [Grafana Dashboard for the Curity Identity Server | Curity](https://curity.io/resources/learn/grafana-dashboard/): A description of the features provided by the Grafana dashboard for the Curity Identity Server - [OpenTelemetry Tracing | Curity](https://curity.io/resources/learn/opentelemetry-tracing/): Use OpenTelemetry tracing to help diagnose issues during distributed OAuth flows - [Logging Best Practices | Curity Identity Server](https://curity.io/resources/learn/logging-best-practices/): Recommendations for managing logs and troubleshooting the Curity Identity Server. - [Customizing IAM Audit Logs | Curity](https://curity.io/resources/learn/log-client-ip-to-auditdb/): Using log4j2 to store client IP address to the audit database - [Debug Logging | Curity](https://curity.io/resources/learn/debug-logging/): Configure debug logging in the Curity Identity Server as part of troubleshooting. - [Per-client Debug Logging | Curity](https://curity.io/resources/learn/per-client-debug-logging/): Using log4j2 to filter and log requests based on the calling client. - [Log Aggregation to Splunk | Curity Identity Server](https://curity.io/resources/learn/log-to-splunk/): How to configure logging to Splunk - [Log Aggregation to Datadog | Curity Identity Server](https://curity.io/resources/learn/log-to-datadog/): How to configure logging to Datadog - [Log Aggregation to Elasticsearch | Curity Identity Server](https://curity.io/resources/learn/log-to-elasticsearch/): How to configure logging to Elasticsearch - [Health and Auto Healing | Curity Identity Server](https://curity.io/resources/learn/health-and-auto-healing/): How to connect to the health endpoint and use it to maintain the desired state of the Curity Identity Server - [PagerDuty Alarm Handler Integration | Curity Identity Server](https://curity.io/resources/learn/alarm-pagerduty-integration/): This is a quick introduction to the PagerDuty webhook subsystem for Alarms - [Integrate Alarms with Cloud Monitoring | Curity Identity Server](https://curity.io/resources/learn/cloud-alarm-integration/): Implementing a custom alarm handler to report temporary failures - [Java Runtime Monitoring | Curity Identity Server](https://curity.io/resources/learn/java-monitoring-overview/): Getting set up with Java Monitoring and Runtime Profiling - [How to Record a Browser Trace | Curity Identity Server](https://curity.io/resources/learn/record-browser-trace/): How to record a browser trace for troubleshooting | Curity - [Migrating from Spring Security OAuth | Curity](https://curity.io/resources/learn/migrating-from-spring-security-oauth/): A guide to migration from the deprecated Authorization Server from Spring Security OAuth to the alternative Curity Identity Server. - [Migrating from Keycloak | Curity Identity Server](https://curity.io/resources/learn/migrating-from-keycloak/): A guide to migration from the open source Keycloak system to the Curity Identity Server. - [Migrating from IdentityServer4 | Curity Identity Server](https://curity.io/resources/learn/migrating-from-identityserver/): A guide to migrate from the IdentityServer4 to the Curity Identity Server. - [Migrating from Microsoft Active Directory Federation Services | Curity Identity Server](https://curity.io/resources/learn/migrating-from-adfs/): How to safely implement a phased modernization from ADFS to the Curity Identity Server. - [Harden OAuth Client Credentials in Kubernetes | Curity](https://curity.io/resources/learn/oauth-client-credentials-kubernetes/): How to use Kubernetes service account tokens as strong OAuth client credentials. - [Integrate the Curity Identity Server with an Istio Service Mesh | Curity Identity Server](https://curity.io/resources/learn/integrate-with-istio-service-mesh/): How to use mutual TLS when calling internal endpoints of the Curity Identity Server - [Integrate the Curity Identity Server with SPIFFE and SPIRE | Curity Identity Server](https://curity.io/resources/learn/integrate-with-spiffe-spire/): How to ensure that the Curity Identity Server trusts SPIFFE workload credentials - [Harden OAuth Client Credentials with SPIFFE JWT SVIDs | Curity Identity Server](https://curity.io/resources/learn/oauth-client-credentials-spiffe-jwt-svids/): How to use SPIFFE JWT SVIDs as strong OAuth client credentials - [Harden OAuth Client Credentials with SPIFFE X509 SVIDs | Curity Identity Server](https://curity.io/resources/learn/oauth-client-credentials-spiffe-x509-svids/): How to use SPIFFE X509 SVIDs as strong OAuth client credentials to get sender-constrained access tokens - [Kong OAuth Proxy Plugin | Curity Identity Server](https://curity.io/resources/learn/kong-oauth-proxy/): An OAuth proxy module that runs in the Kong API gateway, to translate secure cookies to access tokens - [OpenResty OAuth Proxy Plugin | Curity Identity Server](https://curity.io/resources/learn/openresty-oauth-proxy/): An OAuth proxy module that runs in the OpenResty API gateway, to translate secure cookies to access tokens - [NGINX OAuth Proxy Module | Curity Identity Server](https://curity.io/resources/learn/nginx-oauth-proxy/): An OAuth proxy module that runs in the NGINX API gateway, to translate secure cookies to access tokens - [OAuth Proxy for Azure API Management | Curity Identity Server](https://curity.io/resources/learn/azure-api-management-oauth-proxy/): An OAuth proxy module that runs in Azure API Management, to translate secure cookies to access tokens - [OAuth Proxy for AWS API Gateway | Curity Identity Server](https://curity.io/resources/learn/aws-oauth-proxy/): An OAuth proxy that runs in AWS API Gateway, to translate secure cookies to access tokens - [Google Apigee API Management OAuth Proxy | Curity Identity Server](https://curity.io/resources/learn/google-apigee-oauth-proxy/): An OAuth proxy module that runs in Google Apigee API Management, to translate secure cookies to access tokens - [Implementing the Phantom Token Approach Using OAuth Introspection | Curity Identity Server](https://curity.io/resources/learn/introspect-with-phantom-token/): A step-by-step tutorial describing how to configure the Curity Identity Server to use the phantom token pattern - [NGINX Phantom Token Module | Curity Identity Server](https://curity.io/resources/learn/nginx-phantom-token-module/): A module for Nginx that allows it to act as a token firewall. - [Integrating with Kong Enterprise | Curity Identity Server](https://curity.io/resources/learn/integration-kong/): How to configure introspection using the Kong Enterprise OpenID Connect plugin and the Curity Identity Server - [Integrating with Kong Open Source | Curity Identity Server](https://curity.io/resources/learn/integration-kong-open-source/): Using Kong Open Source and LUA scripting to implement a phantom token plugin - [Integrating with OpenResty | Curity Identity Server](https://curity.io/resources/learn/integration-openresty/): An end to end how-to for getting quickly set up with OpenResty and the Curity phantom token pattern - [AWS API Gateway Integration | Phantom Token Pattern | Curity](https://curity.io/resources/learn/integration-aws-phantom-token/): How to configure the Curity Identity Server to use the AWS Phantom Token Lambda Authorizer with the AWS API Gateway - [Integrating with Apigee Edge | Phantom Token Approach | Curity](https://curity.io/resources/learn/integration-apigee/): How to integrate the Curity Identity Server with Apigee, with API proxy policies - [Microsoft Azure API Management | Curity Identity Server](https://curity.io/resources/learn/integration-azure-api-management/): How to configure integration with the Curity Identity Server and Microsoft Azure API Management - [API Gateways Integration | Phantom Token Pattern | Curity](https://curity.io/resources/learn/integration-other-phantom-token/): How to configure the Curity Identity Server to use an API Gateway and leverage the Phantom Token Pattern - [Integrating With the Broadcom CA Layer7 API Gateway | Curity](https://curity.io/resources/learn/integration-layer7/): How to configure integration between the Curity Identity Server and the Broadcom CA Layer7 API Gateway - [Mulesoft Flex API Gateway Integration | Phantom Token Pattern | Curity](https://curity.io/resources/learn/integration-mulesoft-flex-phantom-token/): How to configure the Curity Identity Server and the Mulesoft Flex API Gateway with a custom Curity Phantom Token policy. - [Integrating with Zuplo | Curity Identity Server](https://curity.io/resources/learn/integration-zuplo/): How to configure Phantom Token introspection using the Zuplo API Gateway and the Curity Identity Server - [IBM API Connect integration using a Lambda Authorizer | Phantom Token Pattern | Curity](https://curity.io/resources/learn/integration-ibm-api-connect-phantom-token/): How to configure IBM API Connect to use a Lambda Authorizer to implement the Phantom Token pattern - [Tyk Integration Using a gRPC Plugin | Phantom Token Pattern | Curity](https://curity.io/resources/learn/integration-tyk-self-managed-phantom-token/): How to configure Tyk to use a rich gRPC plugin to implement the Phantom Token pattern - [AWS API Gateway Integration | Split Token Approach | Curity](https://curity.io/resources/learn/integration-aws-split-token/): How to configure the Curity Identity Server, DynamoDB, an AWS Lambda Authorizer to use the Split Token approach with the AWS API Gateway - [Integrating with the Cloudflare Gateway | Curity Identity Server](https://curity.io/resources/learn/cloudflare-split-tokens/): Learn how to setup Cloudflare CDN Gateway and the Curity Identity Server to use the Split Token approach. - [Token Designer Overview | Curity Identity Server](https://curity.io/resources/learn/token-designer/): How to manage scopes, claims and token contents using the Token Designer feature. - [Integrating with Apigee Edge | Split Token Approach | Curity](https://curity.io/resources/learn/integration-apigee-split-token/): How to integrate the Curity Identity Server with Apigee Edge, with API proxy policies and the Split Token Approach - [Custom Token Issuer | Curity Identity Server](https://curity.io/resources/learn/custom-token-issuer/): How to use client properties to invoke custom token issuers on a per client basis. - [Working With Claims | Curity Identity Server](https://curity.io/resources/learn/working-with-claims/): How to configure claims using Claim Value Providers and how to test providing values to claims. - [Adding Claims from Authentication | Curity Identity Server](https://curity.io/resources/learn/claims-from-authenticated-subject/): How to use the authenticated subject claims provider to get attributes from the authentication as claims in tokens. - [How to Implement Custom Claims | Curity](https://curity.io/resources/learn/implementing-custom-claims/): Curity's Identity specialists provide a tutorial and video showing how to implement a use case where custom claims are included in access tokens. - [How to Implement Token Exchange | Curity](https://curity.io/resources/learn/implementing-token-exchange/): How to take finer control over access tokens using token exchange and token procedures - [Verified Claims and Identity Assurance | Curity Identity Server](https://curity.io/resources/learn/verified-claims-identity-assurance/): A tutorial showing how to use verified claims and identity assurance in the Curity Identity Server. - [EdDSA Signatures in Tokens | Curity Identity Server](https://curity.io/resources/learn/sign-tokens-with-eddsa/): Learn how to configure and sign tokens with EdDSA keys - [Implementing Impersonation | Curity Identity Server](https://curity.io/resources/learn/impersonation-implementation/): Learn how to implement an Impersonation Flow - [User Management with SCIM | Curity Identity Server](https://curity.io/resources/learn/user-management/): Introduction to configuring the user management module for Curity and adding users through SCIM - [User Management with GraphQL | Curity Identity Server](https://curity.io/resources/learn/graphql-user-management/): How to use GraphQL APIs to manage your customer user accounts - [Running the DevOps Dashboard | Curity Identity Server](https://curity.io/resources/learn/devops-dashboard-user-administration/): How to configure the DevOps dashboard, to enable employees to manage clients, API permissions and customer user accounts - [Database Client Management with GraphQL | Curity Identity Server](https://curity.io/resources/learn/graphql-client-management/): How to use GraphQL APIs to manage your OAuth clients, with database storage - [Groups Authorization Manager | Curity Identity Server](https://curity.io/resources/learn/groups-authorization-manager/): A tutorial on how to protect identity resources using the groups authorization manager. - [Attribute Authorization Manager | Curity Identity Server](https://curity.io/resources/learn/attribute-authorization-manager/): How to enable both coarse and fine grained access to identity resources - [Scope Authorization Manager | Curity Identity Server](https://curity.io/resources/learn/scope-management/): A tutorial on how to protect user management using the scope authorization manager. - [Implementing Role Based Security | Curity Identity Server](https://curity.io/resources/learn/implementing-role-based-security/): How to assign roles to users and then perform role based security checks in APIs - [Plug in expert cookie security for your OAuth-secured SPAs | Curity](https://curity.io/resources/learn/curity-token-handler/): Plug in expert cookie security for your OAuth-secured SPAs - [Email Activation When Using SCIM | Curity Identity Server](https://curity.io/resources/learn/email-activation-scim/): This tutorial shows how to set up email activation when managing accounts via SCIM - [Integrate websites that use the SAML 2.0 standard | Curity Identity Server](https://curity.io/resources/learn/integrate-saml-website/): Integrate websites, that use the SAML 2.0 standard, with the Curity Identity Server - [How to Customize OAuth using Scripting | Curity](https://curity.io/resources/learn/getting-started-scripting/): An initial setup for implementing scripting, to extend OAuth security behavior quickly - [How to Customize OAuth using Plugins | Curity](https://curity.io/resources/learn/getting-started-plugins/): An initial setup for developing plugins, for the most complete customizations to your OAuth security behavior - [Implement custom authentication within an OAuth flow | Curity](https://curity.io/resources/learn/getting-started-authentication-plugins/): Implement custom authentication within an OAuth flow - [Additional techniques when customizing authentication | Curity](https://curity.io/resources/learn/authentication-plugin-techniques/): Additional techniques when customizing authentication using plugins - [Simple Authentication Action | Curity Identity Server](https://curity.io/resources/learn/authentication-action/): How to write a simple Authentication Action - [Attaching a Remote Debugger | Curity Identity Server](https://curity.io/resources/learn/attach-debugger/): How to attach a remote debugger to the Curity Identity Server - [Generic Consentor Plugin | Curity Identity Server](https://curity.io/resources/learn/generic-consentor-plugin/): Learn how to write a plugin for a custom generic consentor - [Introduction to Multi-Factor Authentication | Curity](https://curity.io/resources/learn/introduction-to-mfa/): Multi-factor authentication is an authentication method that relies on more than one factor when determining whether to grant access to a user. - [Create Secure MFA with Curity's Identity Server | Curity](https://curity.io/resources/learn/mfa-in-curity/): Create secure multi-factor authentication with the Curity Identity Server. Configure an infinite number of authenticators and build custom MFA solutions. - [4 Examples of Multi-Factor Authentication Approaches | Curity](https://curity.io/resources/learn/approaches-to-mfa/): We provide examples of the most common multi-factor authentication approaches to help you find the right balance between security and usability. - [MFA Solutions - New Country vs. Changed Country | Curity](https://curity.io/resources/learn/new-vs-changed-country-action/): Learn about the difference between the Changed Country and the New Country Authentication actions and how to use them for multi-factor authentication. - [Authentication Actions: The Impossible Journey | Curity](https://curity.io/resources/learn/impossible-journey-action/): Learn about the Impossible Journey authentication action and how you can use it to check and verify potentially suspicious scenarios. - [Geo-Location Data in the Authentication Process | Curity](https://curity.io/resources/learn/geolocation-overview/): Learn how to customize the authentication process using geo-location data in the Curity Identity Server. - [An Overview of WebAuthn | Curity](https://curity.io/resources/learn/webauthn-overview/): WebAuthn is a specification of a JavaScript API that allows applications to perform secure authentication for both multi-factor and single-factor scenarios. - [What Are Passkeys? | Curity](https://curity.io/resources/learn/what-are-passkeys/): Passkeys offer a passwordless and convenient way to sign in to online accounts and services. They improve both security and user-experience of logins. - [Passkeys - Design your Solution | Curity](https://curity.io/resources/learn/passkeys-design-your-solution/): Passkeys technology support and design recommendations - [Account Linking Recipes in MFA | Curity](https://curity.io/resources/learn/account-linking-recipes/): Safely change the primary authentication factor, without duplicating identities - [Building a Neo-Security Architecture to Protect APIs | Curity](https://curity.io/resources/learn/curity-neo-security/): The Neo-Security Architecture is a modular security architecture. Learn how an Identity Management System like the Curity Identity Server fits in this adaptive security architecture. - [Introduction to Authorization | Curity](https://curity.io/resources/learn/introduction-authorization/): Learn about the common concepts, terms and patterns in authorization. - [Introducing the Neo-Security Architecture | Curity](https://curity.io/resources/learn/what-is-neosecurity/): Learn what the Neo-Security Architecture is and how it ensures easy integration, future scalability, API Security and secure identity management. - [An Introduction to Identity and Access Management | Curity](https://curity.io/resources/learn/introduction-identity-and-access-management/): Learn what IAM is, how it works and why it is important. Get some guidance on IAM tools and strategies. - [The Identity Management System | All You Need to Know](https://curity.io/resources/learn/identity-management-system/): An overview of the Identity Management System, and its main components: authentication service, token service, federation and user management service. - [The API Management System | Everything You Need to Know"](https://curity.io/resources/learn/api-management-system/): What is an API Management System, what does it do, and what services does it contain? - [What is an Entitlement Management System? | Curity](https://curity.io/resources/learn/entitlement-management-system/): What is an Entitlement Management System, what are the functions and what components does it include? - [An Introduction to Authorization Exchange (AuthZEN) | Curity](https://curity.io/resources/learn/authzen/): This article gives an overview of the AuthZEN Authorization API and how it relates to authentication and authorization. - [Authentication vs. Authorization: What's the Difference? | Curity](https://curity.io/resources/learn/authentication-vs-authorization/): Authentication and authorization are two security processes used to protect systems and information. This article outlines what they mean and their differences. - [Glossary of Identity Management Terms | Curity Identity Server](https://curity.io/resources/learn/glossary-of-identity-management-terms/): All the terminology of Identity Management and Neo-Security: Authentication, Authorization, Tokens, DCR, SCIM and more. - [OAuth 2.0 Overview | Curity Identity Server](https://curity.io/resources/learn/oauth-overview/): An overview of the OAuth 2.0 authorization framework, summarizing the roles of resource owner, client, resource server and authorization server. - [How to Choose the Right OAuth 2.0 Flow - A Complete Guide | Curity](https://curity.io/resources/learn/choose-oauth-flow/): Learn how to select the right OAuth 2.0 flow for your app, including code flow, client credentials flow, device flow, and more for various use cases. - [OAuth Code Flow | Curity Identity Server](https://curity.io/resources/learn/oauth-code-flow/): The OAuth Code Flow Explained. - [What is Proof Key for Code Exchange? | Curity](https://curity.io/resources/learn/oauth-pkce/): Learn how the Proof Key for Code Exchange (PKCE) should be used in the OAuth server. - [Demonstrating Proof of Possession Overview | Curity](https://curity.io/resources/learn/dpop-overview/): What is Demonstrating Proof of Possession (DPoP), and how can it be used to improve the security of public clients. - [OAuth Implicit Flow | Curity](https://curity.io/resources/learn/oauth-implicit-flow/): The OAuth Implicit flow explained. - [OAuth Token Exchange Flow | Curity Identity Server](https://curity.io/resources/learn/token-exchange-flow/): OAuth 2.0 Token Exchange Explained. - [OAuth Client Credentials Flow | Curity Identity Server](https://curity.io/resources/learn/oauth-client-credentials-flow/): The OAuth Client Credentials Flow Explained. - [OAuth Resource Owner Password Credentials Flow | Curity Identity Server](https://curity.io/resources/learn/oauth-resource-owner-password-credential-flow/): The OAuth Resource Owner Password Credentials Flow Explained. - [OAuth 2.0 Device Flow Explained | Curity](https://curity.io/resources/learn/oauth-device-flow/): Learn how OAuth 2.0 Device Flow enables secure authentication on input-constrained devices like smart TVs and consoles: easy setup and seamless user experience. - [How OAuth 2.0 Token Revocation Works & Why It Matters | Curity](https://curity.io/resources/learn/oauth-revoke/): Learn how OAuth 2.0 token revocation works to securely revoke access and refresh tokens, enhance security, and prevent unauthorized access. - [OAuth Refresh Token Explained | Curity](https://curity.io/resources/learn/oauth-refresh/): The OAuth Refresh Tokens and Flow Explained. - [Mutual TLS Client Authentication | Curity](https://curity.io/resources/learn/oauth-client-authentication-mutual-tls/): What is Mutual TLS, and how does Client Authentication with Mutual TLS work? - [Mutual TLS Sender Constrained Access Tokens | Curity](https://curity.io/resources/learn/oauth-certificate-bound-access-token/): Use mutual TLS to harden the use of access tokens, so that an attacker cannot use stolen tokens to gain API access. - [Client Assertions and JWKS URI | A Simple Guide | Curity](https://curity.io/resources/learn/client-assertions-jwks-uri/): Protecting APIs with strong security by requiring clients to authenticate using JWT client assertions - [Pushed Authorization Requests (PAR) | Curity Identity Server](https://curity.io/resources/learn/pushed-authorization-requests/): What is PAR, and how does it help improve security for financial-grade APIs? - [OAuth Registration with Client ID Metadata Document | Curity Identity Server](https://curity.io/resources/learn/oauth-client-id-metadata-document/): The OAuth Client ID Metadata Document draft specification provides a convenient way for OAuth clients to identify themselves at the authorization server without having to register upfront. - [Supported OAuth 2.0 RFCs | Curity Identity Server](https://curity.io/resources/learn/oauth-supported-standards/): An overview of the OAuth 2.0 related standards and their support in the Curity Identity Server. - [What Is OpenID Connect, and How Does It Work? | Curity](https://curity.io/resources/learn/openid-connect-overview/): OpenID Connect explained: what it is and what benefits does it offer. How does it compare with OAuth2 and SAML? - [OpenID Connect Authorization Code Flow | An Overview](https://curity.io/resources/learn/openid-code-flow/): A thorough explanation of the OpenID Connect Authorization Code Flow. Learn how to authenticate users and clients with OIDC. - [How to Validate an OpenID Connect ID Token | Curity](https://curity.io/resources/learn/validating-an-id-token/): This article shows how to validate an OpenID Connect ID Token. Find out what each part of the token means and when to use JWT tokens. - [Dynamic Client Registration | An Overview | Curity](https://curity.io/resources/learn/openid-connect-understanding-dcr/): An overview of the Dynamic Client Registration (DCR) protocol. Learn about its use cases, deployment patterns and how to build a more dynamic network. - [How to Use Dynamic Client Registration | Curity](https://curity.io/resources/learn/using-dynamic-client-registration/): Dynamic Client Registration allows new clients to be registered using a standard API. In this article we provide examples of use cases. - [How to Manage Dynamic Client Registration | Curity](https://curity.io/resources/learn/dynamic-client-registration-management/): An overview of Dynamic Client Registration Management: DCR and DCRM with client certificates. Learn how to manage any dynamically registered clients. - [OAuth and OIDC Request Objects | Curity](https://curity.io/resources/learn/signed-request-object/): An overview of the OAuth and OIDC Request Objects, how to pass them, and how to validate, sign, encrypt and use them in authorization requests. - [Dynamic Client Registration Authentication Methods | Curity](https://curity.io/resources/learn/dynamic-client-registration-authentication-methods/): An overview of the main DCR use cases, how to secure DCR, user and client authentication, Financial-grade DCR authentication and dynamic client management. - [JWT Secured Authorization Response Mode (JARM) | Curity Identity Server](https://curity.io/resources/learn/jwt-secured-authorization-response-mode/): An overview of the JWT Secured Authorization Response Mode, when and how to use it. - [Pairwise Pseudonymous Identifiers | OpenID Connect Standard](https://curity.io/resources/learn/ppid-intro/): Introduction to Pairwise Pseudonymous Identifiers (PPIDs). How to use them in OpenID Connect Standard to increase user privacy. - [OpenID Connect Standards | A Brief Overview | Curity](https://curity.io/resources/learn/openid-connect-standards/): Overview of OpenID Connect standards and how they used by the Curity Identity Server. - [OpenID Connect Hybrid Flow | An Introduction | Curity](https://curity.io/resources/learn/oauth-hybrid-flow/): Learn about the OpenID Connect hybrid flow, its components, and how it combines the implicit and authorization code flows for secure authentication. - [OpenID Connect: How Single Logout Works | Curity](https://curity.io/resources/learn/openid-connect-logout/): An overview of OpenID Connect Single Logout and how it can be used as a counterpart to Single Sign On (SSO) to protect users and their data. - [Client Initiated Backchannel Authentication (CIBA) | Curity Identity Server](https://curity.io/resources/learn/client-initiated-backchannel-authentication/): Learn about the Client Initiated Backchannel Authentication (CIBA) specification and how to use it to retrieve a token without direct user interaction. - [Client Initiated Backchannel Authentication Flow | Curity](https://curity.io/resources/learn/ciba-flow/): This article describes the messages in the poll mode as specified by CIBA and aims to help developers understand and implement the specification. - [Device Flow vs CIBA | Which Flow Should You Choose?](https://curity.io/resources/learn/device-flow-vs-ciba/): Which Flow Should You Choose, the OAuth Device Authorization Grant or OpenID Client Initiated Back-Channel Authentication? - [How Encrypted ID Tokens Work | Curity](https://curity.io/resources/learn/encrypted-id-tokens/): Using JSON web encryption to protect the confidentiality of ID tokens - [Using External IDPs | Curity Identity Server](https://curity.io/resources/learn/external-idps/): Why and when external IDPs may be useful - [Multi-Region Deployment | Curity Identity Server](https://curity.io/resources/learn/multi-region-deployment/): How to deploy the Curity Identity Server across multiple datacenters and regions. - [OAuth Troubleshooting for DevOps | Curity Identity Server](https://curity.io/resources/learn/oauth-troubleshooting-devops/): Managing the Identity Server and dealing with issues in production environments - [OAuth Troubleshooting for Developers | Curity Identity Server](https://curity.io/resources/learn/oauth-troubleshooting-developers/): Managing the Identity Server and dealing with errors during application development - [Dynamic User Routing | Curity Identity Server](https://curity.io/resources/learn/dynamic-user-routing/): A design pattern for dynamically routing users to their home region in a global IAM system. - [IAM Configuration Best Practices | Curity Identity Server](https://curity.io/resources/learn/iam-configuration-best-practices/): Managing configuration in your Identity and Access Management (IAM) System for multiple environments - [Identity and Access Management | Curity](https://curity.io/resources/learn/iam-primer/): Basic IAM concepts and practical advice on how best to implement Identity and Access Management for any business. - [What is Zero Trust Architecture? | Curity](https://curity.io/resources/learn/zero-trust-overview/): What is Zero Trust Architecture (ZTA), and why is it essential to implement Zero Trust Security to protect your resources? Build a Zero Trust Model. - [Protecting Single Page Apps with Token Handler Pattern | Curity](https://curity.io/resources/learn/the-token-handler-pattern/): Learn how to secure an SPA using an API-driven Backend for Frontend, for the best all-round architecture - [Elevating API Security and Resilience with Token Patterns | Curity Identity Server](https://curity.io/resources/learn/token-patterns/): Elevate API security with token patterns like phantom and token exchange. Improve resilience and privacy, and enable zero-trust architecture. - [Integrate Identity with Business Data | Curity](https://curity.io/resources/learn/integrate-identity-business-data/): Protect business data with an Identity and Access Management System. In this article, we provide design choices and guide you through the integration process - [Privacy and GDPR Using OAuth - Meet Requirements | Curity](https://curity.io/resources/learn/privacy-and-gdpr/): How to comply with privacy regulations and GDPR, using OAuth. Incorporate User Privacy Design in your organization's architecture to keep data safe and meet regulations. - [Open Policy Agent: Integration Overview | Curity](https://curity.io/resources/learn/opa-integration/): What is Open Policy Agent (OPA) and how does it work? Find out how Curity's Identity Server and OPA can create strong user authentication. - [Federation Requirements Introduced in FIPS 201-3 | Curity](https://curity.io/resources/learn/fips-201-3/): An overview of FIPS 201-3 and SP 800-C3, listing the requirements and explaining how OpenID Connect fits into the picture. - [An Introduction to Single Sign-On | All You Need to Know](https://curity.io/resources/learn/single-sign-on-introduction/): A brief introduction to Single Sign-On. Read about the benefits of SSO and how it can be used with OpenID Connect to authenticate users. - [Sessions and Single Sign-On | Build a Secure SSO Solution](https://curity.io/resources/learn/sessions-and-sso/): Single Sign-On (SSO) sessions are not web sessions - how do you tell them apart? Learn what the Single Sign-On session is and how to design your SSO solution - [Web Client Single Sign-On with OpenID Connect | Curity](https://curity.io/resources/learn/web-client-sso-with-openid-connect/): An example of the process of implementing Single Sign-On for a web client. Learn about SSO requirements and what clients do. - [How to Use SSO for AI Agents with OpenID Connect and Multiple Trust Domains | Curity Identity Server](https://curity.io/resources/learn/sso-for-ai-agents-with-openid-connect/): Implementing Single Sign-On for AI Agents with OpenID Connect: options and examples. Secure your AI agents using a Single Sign-On Service. - [Single Sign-On and Authentication Methods | Curity](https://curity.io/resources/learn/sso-and-authentication-methods/): Examples of how you can adjust the Single Sign-On (SSO) behavior depending on the authentication methods used, as a way of improving your security architecture. - [How to Use SSO for Mobile Apps with OpenID Connect | Curity Identity Server](https://curity.io/resources/learn/sso-for-mobile-apps-with-openid-connect/): Implementing Single Sign-On for mobile apps with OpenID Connect: options and examples. Secure your mobile apps using a Single Sign-On Service. - [Administrative Management of SSO | Curity](https://curity.io/resources/learn/administrative-management-of-sso/): A short overview of typical Single Sign-On use cases for applications and clients. Read about the benefits of having a differentiated approach. - [How to Prompt for Login During SSO | Curity](https://curity.io/resources/learn/prompting-for-login-during-sso/): Learn how you can allow the client to manage Single Sign-On prompts based on the duration of sessions or OpenID Connect parameters. - [How to implement SSO for Web with OpenID Connect | Curity Identity Server](https://curity.io/resources/learn/sso-for-web-with-openid-connect/): Explore use cases for web Single Sign-On, the benefits of using SSO for web, cookie security and how to maximize user experience using iFrames. - [User Provisioning With SCIM | Curity Identity Server](https://curity.io/resources/learn/user-provisioning-with-scim/): Overview of System for Cross-domain Identity Management (SCIM). What is SCIM, and what problems does it solve? - [Managing Users With SCIM | Curity Identity Server](https://curity.io/resources/learn/managing-users-with-scim/): An explanation of how to create, read, update and delete (CRUD) users with the help of the System for Cross-domain Identity Management (SCIM). - [Meet Curity at API World | Curity Identity Server](https://curity.io/api-world/): Join us at the conference to discuss how to maximize investment and modernize API access and identity management across your organization. - [Book a Call | Curity Identity Server](https://curity.io/book-a-call/): The Curity Identity Server brings identity and API security together, enabling scalable and secure user access to digital services, apps, and websites. - [Contact the Curity Team | Curity Identity Server](https://curity.io/contact/): Send us your questions or request a call back. - [Documentation | Curity Identity Server](https://curity.io/docs/): All you need to know in order to install, operate, and develop applications that interoperate with the Curity Identity Server. - [Frequently Asked Questions | Curity Identity Server](https://curity.io/faq/): Quick answers to common questions about the Curity Identity Server - [Gartner Identity & Access Management Summit 2025, USA | Curity](https://curity.io/gartner-iam-us/): Join us at the summit in Grapevine, TX December 8-10, 2025 to discuss how to maximize investment and modernize identity and API access across your organization. - [Gartner Identity & Access Management Summit 2025, London, U.K | Curity](https://curity.io/gartner-iam/): Join us at the Summit in London on the 24th and 25th of March to discuss how to maximize investment and modernize identity and API access across your organization. - [Identiverse conference in Denver, Colorado June 21-24, 2022 | Curity Identity Server](https://curity.io/identiverse/): Join us at the Identiverse conference in Denver, Colorado,June 21-24, 2022, where Curity will be a sponsor. Meet with our experts onsite and learn how to maximize investment and modernize identity and API access across your organization. - [Trust Your AI Agent. We Control the Access](https://curity.io/): AI is already calling your APIs and accessing your data. The companies winning with AI are the ones who control access first. The Curity Identity Server secures humans, AI agents, and the APIs that connect them. - [Financial-grade APIs for Open Banking Brazil | Curity Identity Server](https://curity.io/open-banking-brazil/): Enhanced to comply with regulatory and customer demands in Brazil for greater access to sensitive data and protection of that data. - [Enabling UK Open Banking | Curity Identity Server](https://curity.io/open-banking-uk/): Meet the key requirements for UK Open Banking - consent, trusted onboarding, and access. - [Win a £150 Amazon Giftcard! | Curity Identity Server](https://curity.io/prizedraw/): Sign up with your company email address to enter the prize draw and you might leave the event with a £150 Amazon Giftcard! - [Support | Curity Identity Server](https://curity.io/support/): Our team is here to help! - [Terms of Use | Curity Identity Server](https://curity.io/terms-of-service/): Terms of Use - [Authors | Blog](https://curity.io/blog/authors/): Curity Blog - [Tags | Blog](https://curity.io/blog/tags/): Tags on the Curity blog - [Thank you for getting in touch! | Curity Identity Server](https://curity.io/contact/thank-you/): We appreciate you contacting us and will get back in touch with you soon. - [Careers | Curity Identity Server](https://curity.io/company/careers/): Work at the cutting edge of identity to help make the internet safer. Join our team and help solve complex identity problems. - [Customers | Curity Identity Server](https://curity.io/company/customers/): Join a growing list of companies who rely on Curity - [ESG - Environmental, Social and Governance | Curity Identity Server](https://curity.io/company/esg/): Environmental, Social and Governance - [Events Calendar | Curity Identity Server](https://curity.io/company/events/): Upcoming events that Curity attends or hosts. - [Partners | Curity Identity Server](https://curity.io/company/partners/): Our partner network includes technology alliances, system integrators and consultants, and value-added resellers. - [Thank you for getting in touch! | Curity Identity Server](https://curity.io/gartner-iam-us/thank-you/): We appreciate you contacting us and will get back in touch with you soon. - [License agreement for Curity software | Curity Identity Server](https://curity.io/legal/license-agreement-pre-2024-03-25/): Legal Documents - [Courses | Curity Identity Server](https://curity.io/resources/courses/): Curity courses - [Documents | Curity Identity Server](https://curity.io/resources/documents/): Download our whitepapers, eBooks and reports for in-depth insights on topics related to Curity, identity management and API security. - [Topics | Resources Library](https://curity.io/resources/topics/): What’s your topic? Learn about multi-factor authentication, SSO, OAuth, OpenID Connect, API security, identity architecture, and much more. - [Videos | Curity Identity Server](https://curity.io/resources/videos/): Videos on multi-factor authentication, OAuth and OpenID Connect, Authentication, Claims, REST APIs and more. - [Webinars | Curity Identity Server](https://curity.io/resources/webinars/): Curity webinar series offering actionable insights from the comfort of your chair - [How We Hire | Careers](https://curity.io/company/careers/how-we-hire/): What to expect when applying for a job at Curity - [Thank you for your job application! | Curity Identity Server](https://curity.io/company/careers/thank-you/): Your application is on its way to our hiring team and they will get back to you within 5 days. - [Who we Are | Careers](https://curity.io/company/careers/who-we-are/): We are a bunch of talented developers, engineers, and industry experts who solve complex identity problems. And we're just getting started. - [Working at Curity | Careers](https://curity.io/company/careers/working-at-curity/): We are always on the lookout for skilled people. Join our team and help solve complex identity problems. - [Environmental | ESG](https://curity.io/company/esg/environmental/): Curity's mission is to make the internet safer, we can't achieve that without considering the environment. - [Governance | ESG](https://curity.io/company/esg/governance/): At Curity we believe that good governance is needed to successfully deliver to our customers, staff, and the world around us. - [Social | ESG](https://curity.io/company/esg/social/): At Curity, we believe that companies are responsible for employees and the impact they have on society and the world around them. - [Join The Partner Network | Curity Identity Server](https://curity.io/company/partners/become-a-partner/): Join us on the journey to modernize authentication and access to secure APIs and provide exceptional customer experiences. - [Open Source Project Status | Curity Identity Server](https://curity.io/resources/code-examples/status/): This page described the meaning of various availability and quality designations that open source projects provided by Curity may have. If a project on the Curity GitHub Organization doesn’t have one of these designations, you should assume that the only availability is source and the quality is experiment/demo. - [API Security and Authorization | Curity Identity Server](https://curity.io/resources/courses/api-security-and-authorization/): In this course, we give an overview of API security and authorization, look at requirements and outline some best practices to adopt. We also look at the difference between authentication and authorization, and how attributes, tokens, claims, and scopes all fit together. Register to get instant access to the courses and study from the comfort of your chair, at a time that suits you. - [Building an Identity Architecture | Curity Identity Server](https://curity.io/resources/courses/building-an-identity-architecture/): Attend this online four-part course to learn about best practices to build a centralized and modular identity architecture based on open standards. You get a comprehensive introduction to the Neo-security concepts and how you can use them to create a secure architecture to protect and assert legitimate access to APIs, services, and applications on the web and mobile. It manages identities, governs the issuance of tokens, and is responsible for federation—critical for building a secure and scalable platform. - [Deploying the Curity Identity Server | Curity Identity Server](https://curity.io/resources/courses/deploying-the-curity-identity-server/): This course is all about concepts and best practices for deploying the Curity Identity Server. It covers aspects such as the deployment architecture, configuration management or life cycle management including backup, recovery and upgrade. Watch out for more content as more videos are planned. - [Getting Started with OAuth and OpenID Connect | Curity Identity Server](https://curity.io/resources/courses/getting-started-with-oauth-and-openid-connect/): In this 8 part online course you will get a comprehensive introduction to OAuth and OpenID Connect to help you get started with implementing these security standards in your own projects. - [JWT Security Best Practice | Curity Identity Server](https://curity.io/resources/courses/jwt-best-practice/): In this 1 part online course we outline some best practices for using JWTs, so that you can maintain a high level of security in your applications. These practices are based on community standards written down in RFCs as well as our own experience from working with JWTs. - [OpenID Connect in Detail | Curity Identity Server](https://curity.io/resources/courses/openid-connect-in-detail/): In this 4 part online course we explore OpenID Connect in detail. You will learn about important aspects of OpenID Connect such as: what are ID tokens and how to validate them, how to properly manage sessions and different ways of enabling stronger authentication methods. - [Curity Shorts | Videos](https://curity.io/resources/videos/curity-shorts/): Short videos to walk you through some of the main concepts and upcoming trends in the digital identity space. - [Demo How-tos | Videos](https://curity.io/resources/videos/demos/): Find demos of Curity's solutions and how they can be used in various industries. - [Developer How-tos | Videos](https://curity.io/resources/videos/developer-how-tos/): Videos on how to develop, configure and integrate various tools and actions in the Curity Identity Server. - [Live Presentations | Videos](https://curity.io/resources/videos/live/): Live presentations of API and identity industry leaders. - [Thank you for registering for our webinar. | Curity Identity Server](https://curity.io/resources/webinars/thank-you/): Curity webinar series offering actionable insights from the comfort of your chair - [Access Intelligence — Control Every AI Agent Request | Curity Identity Server](https://curity.io/product/access-intelligence/): AI agents are calling your APIs right now. Curity Access Intelligence gives you full control over every request — without new systems, without rebuilding your architecture. - [301 Moved Permanently](https://curity.io/solutions/open-banking-and-psd2/): undefined