Best Practices for API Protection with OAuth 2.0
Security, Identity & Authorisation for the API Economy
- An introductory background to OAuth 2.0 API protection
- What a Resource Server needs to implement in order to protect an API with OAuth 2.0
- The protocols the Client may use to get access tokens from an Authorisation Server
- A comparison of OAuth 2.0 and API Keys
APIs are now the standard entry point to the majority of newly created ‘back-end’ functionality. These APIs exist not only to provide a standardised, structured way to access the required features or functions, but also to act as ‘gatekeepers’, ensuring appropriate security, auditing, accounting, etc. Security is always underpinned by identity, and as such APIs need to know, if not who is accessing them, then at least the context in which they are being accessed.