API security

Safeguard your API platform

Secure your API with impenetrable security mechanisms. Master the use of OAuth, OpenID, and more to embed identity management across the entire platform.

Advice on API Security



Virtualization, Sandboxes, and Playgrounds for a Wholesome API

An API is only as good as it is known. Getting an API into a developer’s hands, demonstrating the power of your solution, and providing an environment in which they can test and manipulate data in a controlled, monitored way is perhaps one of the most important unsung heroes of API publication. Having an awesome,…

Tips and Tools for Debugging APIs

Benjamin Franklin once famously said “in this world nothing can be said to be certain, except death and taxes”. For the software developer, the saying should be amended to read “except death and taxes — and software bugs.” It’s an unfortunate fact that the very nature of software development, especially in the collaborative environments popular…

Walkthrough of APIware’s Sapience API Security Validation Tool

These days, APIs need to be strong. They need to be versatile to change, and must triumph in the face of malicious schemes hackers use to disrupt core systems. But how does a provider consistently maintain security across their API platform, and consistently check to see that security is maintained throughout continuous code deployments? As…


API Keys ≠ Security: Why API Keys Are Not Enough

Despite the alluring simplicity and ease of utilizing API Keys, the shifting of security responsibility, lack of granular control, and misunderstanding of purpose and use amongst most developers make relying solely on API Keys a poor decision. More than just protecting API keys, we need to program robust identity control and access management features to safeguard the entire API platform….


World War API: Understanding the Enemy

The virtual world stage is ever evolving, and unfortunately, the physical conflicts of yesterday are quickly becoming the digital conflicts of today. States, groups, and individuals are poised to wage digital warfare for a variety of political, economic, and social reasons. And, as with any conflict, civilian data — and civilian architecture — are prone…


API Security: Deep Dive into OAuth and OpenID Connect

OAuth 2 and OpenID Connect are fundamental to securing your APIs. To protect the data that your services expose, you must use them. They are complicated, though, so we wanted to go into some depth about these standards to help you deploy them correctly. OAuth and OpenID Connect in Context: Always be aware that OAuth…

How To Control User Identity Within Microservices

Everyone’s excited about microservices, but actual implementation is sparse. Perhaps the reason is that people are unclear on how these services talk to one another; especially tricky is properly maintaining identity and access management throughout a sea of independent services. Unlike a traditional monolithic structure that may have a single security portal, microservices pose many…


Maintaining API Security in a Continuous Delivery Environment

Continuous delivery is a hallmark of the modern development world. As tools have matured and the needs of the consumer have evolved, constant development and deployment have become the norm rather than the exception. With this increase in deployment, security has increased part and parcel. In this piece, we’re going to discuss how to maintain…


3 Unique Authorization Applications of OpenID Connect

If widely adopted, OpenID Connect could transform identity control by enabling single sign-on, increasing information security, and helping to manage identity throughout the Internet of Things. Within this post, we’ll dive into these three use cases on using OpenID Connect to securely manage user identity.


Token Design for a Better API Architecture

Little details like tokens can sometimes help structure complex API architectures. In this piece we’re going to have a look at different architectures, and ultimately see how a better way to design tokens can lead to a more performant result. Consider the role of tokens within two facets of API design, access control and data…


API Security: The 4 Defenses of The API Stronghold

This article aims to bolster your API defenses by outlining the four foundations of API security: Authentication, Authorization, Federation, and Delegation. At one point or another, your secure resources will be attacked. This is the unfortunate reality of the modern era, where the skills necessary to invasively crack open a system, network, or API are more commonplace than ever.

Sessions on API Security


OAuth and OpenID Connect Deep Dive
Travis Spencer - Twobo Technologies - September 2013

OAuth and OpenID Connect are the two most important security specs that API providers need to be aware of. In this session, Travis Spencer, CEO of Twobo Technologies, will cram in as much about these two protocols as will fit into 25 minutes.

Integrating API Security Into A Comprehensive Identity Platform
Pam Dingle - Ping Identity. Nordic APIs World Tour 2015: May 11 - Copenhagen.

OAuth 2.0 and OAuth-based protocols are considered best practice in API Security – but what would those protocols look like as part of an overall Identity strategy? Pamela Dingle talks about the value proposition and best practices around integrating a standards-based API Security framework into an overall identity infrastructure initiative.

OpenID Connect and its role in Native SSO
Paul Madsen - Ping Identity - September 18-19 2013.

If widely adopted, OpenID Connect could transform identity control by enabling single sign-on, increasing information security, and helping to manage identity throughout the Internet of Things. Within this post, we’ll dive into these three use cases on using OpenID Connect to securely manage user identity.

Building a secure API
Travis Spencer - Twobo Technologies

Presented at Nordic APIs in Stockholm. Travis Spencer gives an overview of the techniques and technologies needed to launch a secure API.

Ebooks on API Security


Securing The API Stronghold

Digital security is more and more a pressing concern. In the API and microservices world, the proper access management needs to be seriously addressed to ensure your digital assets are securely distributed. Nordic APIs has compiled our most vital advice into a single eBook. We outline security stacks and workflows using modern technologies such as…
