Source: thenewstack.io

Securing Large API Ecosystems

Category: Security, Data

https://www.linkedin.com/in/micha%C5%82-trojanowski-58664932/

Nowadays, APIs are ubiquitous — there is no doubt about that. As with almost every product, though, many aspects of APIs become more complex as they grow.

Even though many companies have matured their API security with access tokens issued using OAuth, solely using OAuth and access tokens might not be sufficient for large API landscapes.

The problem is that if an API exposes many endpoints, the bearer of such an access token can successfully call any of them.

The calendar API should thus not assume the user’s identity based solely on the subject claim of the access token.
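The following is an added example, not code from the article, of what the calendar API should do instead: before it trusts the subject claim, it checks that the token was issued for this particular API (the audience claim) and carries the scope the specific endpoint requires. The endpoint policy table, the audience and scope names, and the claim values are all constructed for illustration; signature verification of the token is assumed to have already happened upstream.

```python
"""Per-endpoint authorization of an already signature-verified access token."""
import time
from typing import Optional, Tuple

# Constructed policy: the audience and scope each endpoint requires.
# A token that is valid for one entry must not be accepted for another.
ENDPOINT_POLICY = {
    ("GET", "/calendar/events"): {"aud": "calendar-api", "scope": "calendar.read"},
    ("POST", "/calendar/events"): {"aud": "calendar-api", "scope": "calendar.write"},
    ("GET", "/payments/history"): {"aud": "payments-api", "scope": "payments.read"},
}


def authorize(claims: dict, method: str, path: str,
              now: Optional[float] = None) -> Tuple[bool, str]:
    """Return (allowed, reason) for a request carrying the given token claims.

    `claims` is assumed to be the decoded payload of a JWT whose signature
    was verified earlier. A valid signature alone is not enough: the token
    must be meant for this API (aud) and carry the scope this endpoint
    needs. Only after those checks does the subject claim identify the user.
    """
    now = time.time() if now is None else now
    policy = ENDPOINT_POLICY.get((method, path))
    if policy is None:
        return False, "unknown endpoint"
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    # aud may be a single string or a list of audiences.
    aud = claims.get("aud", [])
    audiences = [aud] if isinstance(aud, str) else list(aud)
    if policy["aud"] not in audiences:
        return False, "token not issued for this API"
    # scope is a space-separated string per the OAuth convention.
    scopes = set(claims.get("scope", "").split())
    if policy["scope"] not in scopes:
        return False, "missing scope " + policy["scope"]
    if not claims.get("sub"):
        return False, "no subject claim"
    return True, "ok"
```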
