White Paper

Secure an API by using OAuth 2.0

Security, Identity & Authorisation for the API Economy


APIs are now the standard entry point to the majority of newly created ‘back-end’ functionality. These APIs exist to provide not only a standardised, structured way to access the required features or functions, but also to act as ‘gatekeepers’, ensuring appropriate security, auditing, accounting etc. Security is always underpinned by identity and as such, APIs need to know if not who is accessing them, what is the context in which they are being accessed.

In this whitepaper, you will learn:

  • An introductory background to OAuth 2.0 API protection
  • What a Resource Server needs to implement in order to protect an API with OAuth 2.0
  • The protocols the Client may use to get access tokens from an Authorization server
  • A comparison of OAuth 2.0 and API Keys