11 API authorization and authentication

This chapter covers

Using Open Authorization to allow access to our APIs
Using OpenID Connect to verify the identity of our API users
What kinds of authorization flows exist, and which flow is more suitable for each authorization scenario
Understanding JSON Web Tokens (JWT) and using Python’s PyJWT library to produce and validate them
Adding authentication and authorization middleware to our APIs

In 2018, a weakness in the API authentication system of the US postal system (https://usps.com) allowed hackers to obtain data from 60 million users, including their email addresses, phone numbers, and other personal details.¹ API security attacks like this have become more and more common, with an estimated ...

Get Microservice APIs now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Microservice APIs by Jose Haro

11 API authorization and authentication

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly