5 OAuth Essentials for API Access Control

API Academy Create a framework to address the complex challenges associated with implementing OAuth There are a number of important access-related challenges for API publishers. However, deploying OAuth as an authorization mechanism for enterprise APIs raises challenges around scalability, correct usage and integration. To make matters worse, OAuth is not supported by existing infrastructure and is poorly understood…

Applying and Extending DHARMA

This post gives some practical examples of the DHARMA method for API Security in a Microservice Architecture, and also shares some opportunities for extending the model. This article shares concepts from the O’Reilly book Securing Microservice APIs. If you’re attending OSCON next week, Rob Wilson and Matt McLarty will be signing and giving away print copies during lunch on Tuesday, July…

Securing Microservice APIs

Matt McLarty, Rob Wilson & Scott Morrison Sustainable and Scalable Access Control There are several techniques for controlling access to web APIs in microservice architectures, ranging from network controls to cryptographic methods and platform-based capabilities. This short ebook introduces an API access control model that you can implement on a single platform or across multiple platforms to provide…

API Management 301: OAuth-Based Access Control

Learn how OAuth provides standard patterns upon which you can deliver API access control In API Management Lesson 201: API Security, we examine typical areas of API vulnerability and share best practices for addressing these vulnerabilities – including the use of OAuth as an access control mechanism. In this lesson, we describe how OAuth provides standard patterns upon which…

API Management 201: API Security

Identify typical areas of API vulnerability and learn best practices for securing APIs In Lesson 103: Choosing a Solution, we discuss the importance of considering functional and operational security characteristics when choosing an API Management solution. Regardless of the solution, understanding the risk profile of APIs is vital to protecting an API against attack. In this lesson, we examine…

API Strategy 201: Private APIs vs. Open APIs

One of the key considerations that should guide both your API business strategy and your interface architecture is the distinction between open and private APIs. An interface is defined as open or private depending on whether it targets external or in-house developers. In this lesson, we explain the distinction in detail and explore ways it may impact your…

Scroll to top