API Security and Authorization
In this course, we give an overview of API security and authorization, look at the requirements, and outline some best practices to adopt.
We also look at the difference between authentication and authorization, and how attributes, tokens, claims, and scopes all fit together.
Session 1: Overview and Requirements
The first session of the course provides an overview of authorization and presents different stakeholders that define the requirements for authorization.
- Authentication & Authorization - what's the difference?
- Authorization Overview & Requirements
- Attributes and how to use them for authorization
- Claims & Scopes used to hold attribute values
Session 2: Techniques
The second session focuses on the techniques of authorization: the use of claims, authorization in layers, how to externalize it to an entitlement management system, and more.
- Claims mappers and value providers
- Authorization in layers
- Authorization via the Entitlement Management System
- Attribute Governance