It's a common question: “why can’t I send JWTs without OAuth?” JWT is a powerful encoding format, but it requires OAuth to be a complete solution. Used alone, JWTs do not make your API secure.| Nordic APIs
Ping Identity’s Paul Madsen explains how OpenID Connect can be used for Native SSO, Mobile Identity Management & secure Internet of Things applications| Nordic APIs
Nordic APIs recently consulted CIBC bank on their microservices framework. We interview Eyal Sivan on their microservices strategy and how the project went.| Nordic APIs
OAuth 2 and OpenID Connect are fundamental to gold standard API security. Learn the details of these protocols, so you can secure your APIs!| Nordic APIs
Taking lessons from the recent Flash Zero Day exploits, we reiterate that an API developer should review each and every piece of code before implementing dependencies.| Nordic APIs
In this post we'll see why APIs and microservices should decouple user identity from their designs, and how to go about this implementation using scopes.| Nordic APIs
API Keys are not security. By design they lack granular control, and there are many vulnerabilities at stake: applications that contain keys can be decompiled to extract them, keys can be deobfuscated from on-device storage, plaintext files can be stolen for unapproved use, and password managers are susceptible to security risks as with any application. In this piece we outline the disadvantages of relying solely on API keys to secure the proper access to your data.| Nordic APIs
PSD2 is an EU regulation that will regulate open banking across Europe, enabling third parties to create new FinTech apps and fostering API economy growth.| Nordic APIs
Security is the problem of the API developer, and the API developer alone. We outline the 4 top security risks you should mitigate to protect your API.| Nordic APIs