This article aims to bolster your defenses by defining the four foundations of API security: Authentication, Authorization, Federation, and Delegation.| Nordic APIs
Ping Identity’s Paul Madsen explains how OpenID Connect can be used for Native SSO, Mobile Identity Management & secure Internet of Things applications| Nordic APIs
We review the 3 main methods used for security and authentication control in the realm of APIs - HTTP Basic Authentication, API Keys, and OAuth| Nordic APIs
Continuous API Strategies for Integrated Platforms: API experts and thought leaders will once again gather in Stockholm for the 2019 Platform Summit. They will share insights and expertise and allow you to: explore continuous API strategies for integrated platforms; expand your knowledge of design style: GraphQL, REST, gRPC & more; take microservices architecture theories into ...| Nordic APIs
The Richardson Maturity Model is a visual pyramid to gauge the competency of your API. In this article we dissect each layer: Plain Old XML, Resources, HTTP verbs, & hypermedia. Much like Maslow's Hierarchy, the journey to realization is an upward climb; as your API moves higher, it becomes more fulfilled.| Nordic APIs
HATEOAS, or Hypermedia as the Engine of Application State, is a requirement for true REST API design. However, some shy from it, feeling it's too difficult to fully implement. In this post, we compare formats like HAL, JSON-LD, Siren and others to see which specs can make HATEOAS compliance easier.| Nordic APIs
We interview 3 experts on the state of REST design. Discover the benefits of REST, its shortcomings, and how API design expectations are changing in the wake of asynchronous environments.| Nordic APIs
API security is complex, and the underlying systems that support it are even more so. Getting a grasp on API security requires understanding many underlying components. Accordingly, any tool that can help contextualize these systems is not only a good educational tool, but it’s also a good business tool. OAuth.tools looks poised to be that ...| Nordic APIs
How do we design and implement an OAuth flow for Single Page Applications (SPAs), a design style that has no backend? Learn the Assisted Token flow.| Nordic APIs
Two-factor authentication verifies user identity. We review 8 two-factor authentication APIs that enable authentication by text, email, phone, & other ways.| Nordic APIs
API Keys are not security. By design they lack granular control, and there are many vulnerabilities at stake: applications that contain keys can be decompiled to extract them; keys can be deobfuscated from on-device storage; plaintext files can be stolen for unapproved use; and password managers are susceptible to security risks, as with any application. In this piece we outline the disadvantages of relying solely on API keys to secure proper access to your data.| Nordic APIs
Jacob Ideskog is an Identity Specialist and CTO at Curity. Most of his time is spent working with security solutions in the API and Web space. He has worked on both designing and implementing OAuth and OpenID Connect solutions for large enterprise deployments as well as small startups.| Nordic APIs