Security by Design
Security isn’t an afterthought. It has to be an integral part of any development project and also for APIs. It starts with requirements gathering and proceeds through the Design, Development, Testing, Deployment, and Monitoring phases.
Security brings a plethora of challenges into system design. It’s hard to build a 100% secured system, at least in theory. The only thing you can do is to make the attacker’s job harder.
The most challenging thing in any security design is to find and maintain the right balance between security and the user comfort. Say you have the most complex password ...