API Security for the Modern Enterprise
APIs have in recent years grown to be essential to the digital strategy of a modern organization. To ensure that digital assets are securely distributed, and that privacy is maintained at all times, proper access management needs to be in place. Keeping APIs, and the data provided through them, safe and only available to the intended user is a must. And with users who are used to moving through digital systems friction-free, an efficient identification and authorization process has never been more important. By embedding identity information in tokens, you can simplify the access control decisions that will be made in many different places throughout your architecture.
This booklet gathers a selection of articles that cover the most important aspects of securing APIs and microservices. It gives an introduction to related issues, such as how to utilize well-established standards, like OAuth 2, OpenID Connect and how to connect these to your applications, systems and user identities.
Table of Contents:
- The API Security Maturity Model
- Deep Dive into OAuth and OpenID Connect
- JWT Security Best Practices
- Coarse-Grained Authorization Using Scopes
- Fine-Grained Authorization Using Claims
- The Phantom Token Approach