Discover different aspects of API Security and learn best practice approaches.
API security encompasses the practices, processes, and products used to ensure APIs are secure, data can be transferred safely, and malicious attacks are prevented. APIs power the connectivity of the digital world. They offer faster integrations and increased freedom of choice when it comes to products. Keeping APIs, and the data provided through them, safe and only available to the intended user is a must. In this section we have gathered information covering the most important aspects of securing APIs and microservices.
Zero Trust API Events
Flowing user identity in event messages, to enable verification and auditing when asynchronous processes resume
JWT Signatures and EdDSA
This article explains how signatures work in JWTs in general and provides a detailed example based on the EdDSA algorithm
How to handle impersonation and delegation with OAuth and OpenID Connect to enable a subject to act as a different subject.
Design patterns to allow JWTs to be validated using extended header fields and Public Key Infrastructure.
Token Sharing Approaches
Learn about the different ways in which access tokens can be shared.
The Phantom Token Approach
Adopt the Phantom Token Approach. A privacy-preserving token usage pattern for microservices and combine the benefits of opaque and structured tokens.
The Split Token Approach
The Split Token Approach, applicable for any OAuth 2.0 ecosystem, aims to improve your tokens' security.
Implementing Zero Trust APIs
A summary of the main best practices when implementing a zero trust architecture to secure APIs, using OAuth 2.0 and OpenID Connect
API Security Best Practices
Security tips to consider when designing and creating APIs.
JWT Security Best Practices
Best practices for using JTWs in applications. Learn about JWTs as access tokens, which algorithms to use, when to validate the token and other useful tips.
Top 10 API Security Vulnerabilities According to OWASP
A write-up of the top API security vulnerabilities according to OWASP and mitigating approaches.
The API Security Maturity Model
There is a spectrum of API security implementations, and not all of them are equal. The model describes API security in ever-increasing levels of trust, complexity, and efficiency.