A How-to Guide to OAuth & API Security

API Academy

Make OAuth implementation simple for your organization

OAuth is an emerging Web standard that lets users grant third-party clients restricted access to resources they own. In the past, it was common to ask a user to share username and password information with the client. OAuth authentication is more secure because it allows the user to grant restricted access to applications and data by issuing a token with limited capabilities.

OAuth authentication is rapidly becoming a foundation of the modern Web and has grown far beyond its social media roots. This evolution is being driven by the corporate need to support increasingly diverse clients – particularly mobile devices. Organizations are aggressively deploying APIs to service the mobile delivery channel and OAuth is the best practice for API authorization.

However, OAuth is only one component of a full API access control and security solution. It is important not to lose sight of the big picture of API management—including user management, auditing, throttling and threat detection. APIs are often a direct conduit to mission-critical enterprise applications. They need a full, enterprise-class security solution to protect them.

This white paper describes:

  • What OAuth is and how it fits into a complete API security solution
  • Why implementing OAuth can be complex
  • How you can make OAuth implementation simple for your organization
Sean O'Connell, MSC, CISSP

Sean O'Connell, B.Sc, M.Sc, CISSP, is the technical lead for the Broadcom API Management solution in EMEA. With a hardened background in deep-core security and cryptography from over 11 years at Siemens, Sean has been at CA Technologies/Broadcom for over 15 years, where he has held senior roles positioning value-centric, enterprise-class APIM solutions to his customer base. His background in security has been central to understanding emerging threats as well as managing the complex web of evolving requirements when enterprises adopt an API-first digital transformation program. In his spare time, he is a keen hill walker and mountain biker, and when the weather doesn't permit, he can be found in his shed working with wood.
