Tag Archives: api security


Choosing API Security Options Fostering API Ecosystems

Choosing appropriate API security options will help you gain developer trust, increase API adoption, and build an effective API ecosystem. While APIs are the ‘coolest’ and most effective mechanism for exposing business functionality both outward to the outside world and inward to other teams, API security requires learning new technologies (i.e., OAuth, MAC token profiles, and JSON Web Token [JWT]) and retrofitting existing identity management architecture with token chaining and identity brokering.


Many mobile application developers and architects find API security and identity options arcane, jargon-filled, and confusing. They frequently ask whether selecting one choice over another is appropriate, and you need to carefully identify and isolate the tradeoffs. A robust API security platform can help guide you in the right direction.

API Security Basics

Security is not an afterthought. Incorporate security as an integral part of any application development project; the same approach applies to API development. API security has evolved significantly in the past five years, and recent growth in standards has been exponential. OAuth and bearer tokens are the most widely adopted standards, and are possibly now the de facto standard for API security.

What API security decisions should you consider?


SSO, Access Control, Federated Identity, and API Security – 2013 Webinar Roundup

In the security, identity, and entitlement space, popular 2013 WSO2 webinars described single sign-on (SSO), access control patterns, federated identity use cases, and API security practices. As you prepare your 2014 plans, review how WSO2’s Identity and Entitlement Platform can simplify security best practice adoption. The best-of 2013 resources are recapped below:
