In 2007 Kevin Kelly gave a TED talk in which he forecasted how the World Wide Web would look 5000 days into the future, prophesizing the emergence of the IoT and AI. He envisioned a more connected planet where all manufactured goods tap into a single, global, intelligent network. At the time, the Internet of ...| Nordic APIs
Hidden yet ubiquitous throughout the digital frontier, APIs are explosively disruptive- redefining digital business, altering expectations, and changing how we interact with the world.| Nordic APIs
It's a common question: “why can’t I send JWTs without OAuth?” JWT is a powerful encoding format, but requires OAuth to be a complete solution. Used alone, your API is not secure.| Nordic APIs
This article aims to bolster your defenses by defining the four foundations of API security: Authentication, Authorization, Federation, and Delegation.| Nordic APIs
The API Security Maturity Model is a new model to gauge how mature your API security system is. Spoiler alert: if you're not using Claims, you might not make it to the top.| Nordic APIs
What special concerns must banks take in securing their APIs? We describe high-grade security mechanisms for ensuring banks secure data in API transactions.| Nordic APIs
OAuth can be paired with OpenID Connect to perform delegation of user identity across microservices for secure and replicable control of access management.| Nordic APIs
Introduction to SCIM identity protocol. We cover 3 use cases, look at API calls, and check out improvements in the recent IETF working group RFC.| Nordic APIs
API Keys are not security. By design they lack granular control, and there are many vulnerabilities at stake: applications that contain keys can be decompiled to extract keys, or deobfuscated from on-device storage, plaintext files can be stolen for unapproved use, and password managers are susceptible to security risks as with any application. In this piece we outline the disadvantages of solely relying on API keys to secure the proper access to your data.| Nordic APIs
