Military-Grade Security for APIs

Some APIs require tighter security than others, e.g., financial applications. After all, breaching a bank’s API is far more severe than breaching a cookbook recipes API. An important part of API security is the process of obtaining tokens with OAuth or OpenID Connect flows. In this talk, I will present the extensions to OAuth and OIDC recommended for sensitive applications. The cryptic names of PAR, JARM, and mTLS will finally get meaning.

A talk given by Michal Trojanowski, Product Marketing Engineer at Curity, at the 2023 Platform Summit in Stockholm.
