ArticlesGetting StartedHow-tosGuidesCode ExamplesDocumentation

Articles

Self-contained JWTs

Self-contained JWTs

Design patterns to allow JWTs to be validated using extended header fields and Public Key Infrastructure.

Token Sharing Approaches

Token Sharing Approaches

Learn about the different ways in which access tokens can be shared.

The Phantom Token Approach

The Phantom Token Approach

Adapt the Phantom Token Approach. A privacy-preserving token usage pattern for microservices and combine the benefits of opaque and structured tokens.

The Split Token Approach

The Split Token Approach

The Split Token Approach, applicable for any OAuth 2.0 ecosystem, aims to improve your tokens' security.

API Security Best Practices

API Security Best Practices

Security tips to consider when designing and creating APIs.

JWT Security Best Practices

JWT Security Best Practices

What you should consider when using JWTs in your applications.

Top 10 API Security Vulnerabilities According to OWASP

Top 10 API Security Vulnerabilities According to OWASP

A write-up of the top API security vulnerabilities according to OWASP and mitigating approaches.

The API Security Maturity Model

The API Security Maturity Model

There is a spectrum of API security implementations, and not all of them are equal. The model describes API security in ever-increasing levels of trust, complexity, and efficiency.

Videos

Using Curity, OPA and Kong for end-to-end API authentication and authorization
Implementing Claims Best Practices
Browser-less mobile login using the authentication API
Scalable API Security Using OAuth
Jacob Has a Horse, Says Travis – a Tale of Truths In a Microservice Architecture
Financial Grade APIs Using OAuth and OpenID Connect
Security Is a Concern, Let’s Make It an Enabler
Securing APIs in a Cloud Native Environment Using OAuth
Securing APIs and Microservices with OAuth and OpenID Connect
OAuth and OpenID Connect for PSD2 and Third-Party Access

API security encompasses the practices, processes, and products used to ensure APIs are secure, data can be transferred safely, and malicious attacks are prevented. APIs power the connectivity of the digital world. They offer faster integrations and increased freedom of choice when it comes to products. Keeping APIs, and the data provided through them, safe and only available to the intended user is a must. In this section we have gathered information covering the most important aspects of securing APIs and microservices.