API Security in Action

  • 10h 25m
  • Neil Madden
  • Manning Publications
  • 2020

API Security in Action teaches you how to create secure APIs for any situation. By following this hands-on guide you’ll build a social network API while mastering techniques for flexible multi-user security, cloud key management, and lightweight cryptography.

Summary

A web API is an efficient way to communicate with an application or service. However, this convenience opens your systems to new security risks. API Security in Action gives you the skills to build strong, safe APIs you can confidently expose to the world. Inside, you’ll learn to construct secure and scalable REST APIs, deliver machine-to-machine interaction in a microservices architecture, and provide protection in resource-constrained IoT (Internet of Things) environments.

About the technology

APIs control data sharing in every service, server, data store, and web client. Modern data-centric designs—including microservices and cloud-native applications—demand a comprehensive, multi-layered approach to security for both private and public-facing APIs.

About the book

API Security in Action teaches you how to create secure APIs for any situation. By following this hands-on guide you’ll build a social network API while mastering techniques for flexible multi-user security, cloud key management, and lightweight cryptography. When you’re done, you’ll be able to create APIs that stand up to complex threat models and hostile environments.

What's inside

  • Authentication
  • Authorization
  • Audit logging
  • Rate limiting
  • Encryption

About the reader

For developers with experience building RESTful APIs. Examples are in Java.

About the Author

Neil Madden has in-depth knowledge of applied cryptography, application security, and current API security technologies. He holds a Ph.D. in Computer Science.

In this Book

  • About This Book
  • What is API Security?
  • Secure API Development
  • Securing the Natter API
  • Session Cookie Authentication
  • Modern Token-Based Authentication
  • Self-Contained Tokens and JWTs
  • OAuth2 and OpenID Connect
  • Identity-Based Access Control
  • Capability-Based Security and Macaroons
  • Microservice APIs in Kubernetes
  • Securing Service-to-Service APIs
  • Securing IoT Communications
  • Securing IoT APIs
SHOW MORE
FREE ACCESS

PEOPLE WHO VIEWED THIS ALSO VIEWED THESE

Rating 4.4 of 276 users Rating 4.4 of 276 users (276)
Rating 4.5 of 6 users Rating 4.5 of 6 users (6)