CHAPTER 2


Security by Design

Security isn’t an afterthought. It has to be an integral part of any development project, and the same holds for APIs. It starts with requirements gathering and proceeds through the Design, Development, Testing, Deployment, and Monitoring phases.

Design Challenges

Security brings a plethora of challenges into system design. It’s hard to build a 100% secure system, at least in theory. The only thing you can do is make the attacker’s job harder.

User Comfort

The most challenging thing in any security design is to find and maintain the right balance between security and user comfort. Say you have the most complex password ...

Get Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE now with the O’Reilly learning platform.
