API Keys are not security. By design they lack granular control, and there are many vulnerabilities at stake: applications that contain keys can be decompiled to extract them, keys can be deobfuscated from on-device storage, plaintext files can be stolen for unapproved use, and password managers are susceptible to security risks, as is any application. In this piece we outline the disadvantages of relying solely on API keys to secure the proper access to your data.| Nordic APIs
What is the difference between API authentication schemes, like HTTP Basic Authentication, API Keys, and OAuth? Learn the nuances here.| Nordic APIs
We analyze three types of JWT OAuth integration approaches and consider which to use in a few types of API gateway styles.| Nordic APIs
The Split Token Approach, applicable for any OAuth 2.0 ecosystem, aims to improve your tokens' security.| curity.io
A brief introduction to Single Sign-On. Read about the benefits of SSO and how it can be used with OpenID Connect to authenticate users.| curity.io
In OAuth and OpenID Connect, scopes and claims are common concepts. This article looks at the main differences between the two.| curity.io
Adopt the Phantom Token Approach: a privacy-preserving token usage pattern for securing APIs and microservices.| curity.io
Multi-factor authentication is an authentication method that relies on more than one factor when determining whether to grant access to a user.| curity.io
Give the right people access to the right resources at the right time with Curity's zero trust architecture.| curity.io