eBook: API Security

eBook: API Security

We cover the most critical aspects of securing APIs and microservices, managing identities and access, and utilizing standards like OAuth 2, OpenID Connect, and SCIM.

API Security for the Modern Enterprise

APIs have in recent years grown to be essential to the digital strategy of a modern organization. To ensure that digital assets are securely distributed, and that privacy is maintained at all times, proper access management needs to be in place. Keeping APIs, and the data provided through them, safe and only available to the intended user is a must. And with users who are used to moving through digital systems friction-free, an efficient identification and authorization process has never been more important. By embedding identity information in tokens, you can simplify the access control decisions that will be made in many different places throughout your architecture.

This booklet gathers a selection of articles that cover the most important aspects of securing APIs and microservices. It gives an introduction to related issues, such as how to utilize well-established standards, like OAuth 2, OpenID Connect and how to connect these to your applications, systems and user identities.

Table of Contents:

  • The API Security Maturity Model
  • Deep Dive into OAuth and OpenID Connect
  • JWT Security Best Practices
  • Coarse-Grained Authorization Using Scopes
  • Fine-Grained Authorization Using Claims
  • The Phantom Token Approach

More on API Security

Next steps

Ready to modernize IAM?

Start Today - Build security and improve ease of use to stay ahead of the competition.