
Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE by Prabath Siriwardena


CHAPTER 14


Patterns and Practices

Chapter 2 touched on some of the key patterns surrounding API security. This chapter expands on that discussion with more concrete details. Here we present ten API security patterns to address the ten most common enterprise security problems. All of the patterns are derived from the concepts and theories discussed in previous chapters.

Direct Authentication with the Trusted Subsystem Pattern

Suppose a medium-scale enterprise has a limited number of RESTful APIs. Company employees are allowed to access these APIs via a single web application while they’re behind the company firewall. All user data is stored in ...
