Our first three articles were about designing and obtaining an access token. We also established a model for moving from identity and scopes to the permissions on which we base all further access control. In this article, we discuss what you need to do when implementing your API to protect your functions and your data.