Understanding Security Basics
The key to understanding API security is to focus on two related elements: identity and access control. These work at the API level. In other words, when you are implementing the API, you need to decide if and when you'll apply identity and access control checks.
It's also important to understand the role of encryption as an additional layer of security. For HTTP-based APIs, this works at the protocol level. The most common way to recognize the use of encryption on the web is through the use of the https identifier (called a URI scheme) instead of the http identifier in your URLs.
These two items, identity/access control and encryption, can work independently of one another too. In this first part of the ...