Book description
Advanced API Security is a complete reference to the next wave of challenges in enterprise security--securing public and private APIs.
API adoption among both consumers and enterprises has gone beyond predictions. It has become the ‘coolest’ way of exposing business functionalities to the outside world. Both your public and private APIs need to be protected, monitored and managed. Security is not an afterthought, but API security has evolved a lot in the last five years. The growth of standards out there has been exponential.
That's where Advanced API Security comes in--to wade through the weeds and help you keep the bad guys away while realizing the internal and external benefits of developing APIs for your services. Our expert author guides you through the maze of options and shares industry-leading best practices in designing APIs for rock-solid security. The book explains, in depth, how to secure APIs, from quite traditional HTTP Basic Authentication to OAuth 2.0 and the standards built around it.
Build APIs with rock-solid security today with Advanced API Security.
Table of contents
- Cover
- Title
- Copyright
- Dedication
- Contents at a Glance
- Contents
- About the Author
- About the Technical Reviewer
- Acknowledgments
- Introduction
- Chapter 1: Managed APIs
- Chapter 2: Security by Design
- Chapter 3: HTTP Basic/Digest Authentication
- Chapter 4: Mutual Authentication with TLS
- Chapter 5: Identity Delegation
- Chapter 6: OAuth 1.0
- Chapter 7: OAuth 2.0
- Chapter 8: OAuth 2.0 MAC Token Profile
- Chapter 9: OAuth 2.0 Profiles
- Chapter 10: User Managed Access (UMA)
- Chapter 11: Federation
- Chapter 12: OpenID Connect
- Chapter 13: JWT, JWS, and JWE
- Chapter 14: Patterns and Practices
  - Direct Authentication with the Trusted Subsystem Pattern
  - Single Sign-On with the Delegated Access Control Pattern
  - Single Sign-On with the Integrated Windows Authentication Pattern
  - Identity Proxy with the Delegated Access Control Pattern
  - Delegated Access Control with the JSON Web Token Pattern
  - Nonrepudiation with the JSON Web Signature Pattern
  - Chained Access Delegation Pattern
  - Trusted Master Access Delegation Pattern
  - Resource Security Token Service (STS) with the Delegated Access Control Pattern
  - Delegated Access Control with the Hidden Credentials Pattern
  - Summary
- Index
Product information
- Title: Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE
- Author(s):
- Release date: August 2014
- Publisher(s): Apress
- ISBN: 9781430268178