Military-Grade Security for APIs

Some APIs require tighter security than others, e.g., financial applications. After all, breaching a bank’s API is far more severe than breaching a cookbook recipe API. An important part of API security is the process of obtaining tokens with OAuth or OpenID Connect flows. In this talk I will present the extensions to OAuth and OIDC recommended for sensitive applications. The cryptic names of PAR, JARM, and mTLS will finally get meaning.

A talk given by Michal Trojanowski, Product Marketing Engineer at Curity, at the 2023 Platform Summit in Stockholm.
