Military-Grade Security for APIs

API Security

Some APIs require tighter security than others, e.g., financial applications. After all, breaching a bank’s API is far more severe, than a cookbook recipes API. An important part of API security is the process of obtaining tokens with OAuth or OpenID Connect flows. In this talk I will present the extensions to OAuth and OIDC recommended for sensitive applications. The cryptic names of PAR, JARM, and mTLS will finally get meaning.

A talk given by Michal Trojanowski, Product Markering Engineer at Curity, at the 2023 Platform Summit in Stockholm.

More Live presentations videos

Panel Discussion: API Authorization
OAuth Well Played – Mods and Combos for the Cloud Native API Security Game
Who Needs That FAPI Thing, Anyway?
How to Build a Fortress with the Security of a Tent
The Swedish Chef Would Be Proud: Cooking up a Secure API in Minutes – Instructions Included
Ditch the Browser, Native API-Driven App Authentication with Passkeys
Browserless OAuth Flows in Mobile Apps Using a Hypermedia API
Addressing Top API Security Risks
Decentralized Identities Changes Everything, Even Your APIs
OAuth and OpenID Connect - What's next?
Curity on ProgrammableWeb's Developers Rock Podcast
OAuth Tokens As Your Identity API
OAuth Claims Ontology: Using Claims in OAuth and How They Relate to Scopes
Jacob Has a Horse, Says Travis – a Tale of Truths In a Microservice Architecture
Scalable API Security Using OAuth
Financial Grade APIs Using OAuth and OpenID Connect
Security Is a Concern, Let’s Make It an Enabler
Securing APIs in a Cloud Native Environment Using OAuth
Securing APIs and Microservices with OAuth and OpenID Connect
OAuth and OpenID Connect for PSD2 and Third-Party Access