Source: thenewstack.io
How DevSecOps Teams Should Approach API Security
Software organizations need to store data and expose it over the internet to user-based applications. These components are likely familiar to anyone working in software, from business owners to developers, DevOps and compliance staff.
APIs use https://curity.io/resources/learn/token-sharing/ to forward access tokens to each other so that the user identity and claims flow securely.
The end result should be a productive setup where APIs can easily be supplied with an access token, and then be validated using a token-signing public key downloaded from the authorization server: Security Teams
In an OAuth 2.0 architecture, APIs and user applications outsource all of the low-level security, including key management and user credentials, to the authorization server.
APIs use https://curity.io/resources/learn/token-sharing/ to forward access tokens to each other so that the user identity and claims flow securely.
The end result should be a productive setup where APIs can easily be supplied with an access token, and then be validated using a token-signing public key downloaded from the authorization server: Security Teams
In an OAuth 2.0 architecture, APIs and user applications outsource all of the low-level security, including key management and user credentials, to the authorization server.
Related Articles
Community Partners
DevOps Careers