Having quality control over Identity is a core facet of properly managing access to APIs. Learn to implement strong identity control mechanisms for access management across user instances and devices.

Related articles

Standardized User Management With SCIM

An Introduction to System for Cross-domain Identity Management (SCIM) What is SCIM? SCIM stands for “System for Cross-domain Identity Management” and is firstly a standardized way of representing users, groups, and anything related. Secondly, SCIM helps to standardize methods for acting on this data, such as creating, querying, searching, updating, and deleting. In other words,…

3 Common Methods of API Authentication Explained

APIs handle enormous amounts of data of a widely varying type – accordingly, one of the chief concerns of any data provider is how specifically to secure this data. The idea that data should be secret, that it should be unchanged, and that it should be available for manipulation is key to any conversation on…

Designing API Usage Guidelines For Bot Clients

In the spring of 2017, published a series of guidelines for automated API users utilizing bots. These guidelines were created to help control the intent, actions, and result of bots on the service. Accordingly, there was some discussion about just what these guidelines did and didn’t do, and how valuable such a set of…

Security Points to Consider Before Implementing GraphQL

GraphQL is a very powerful query language that does a great many things right. When implemented properly, GraphQL offers an extremely elegant methodology for data retrieval, backend stability, and increased query efficiency. The key here though is that simple phrase — when implemented properly. GraphQL has had somewhat of a gold rush adoption, with…

How to Handle Batch Processing with OAuth 2.0

Recently on the Nordic APIs channel we’ve had a few people ask — how do you handle batch processes that are secured with OAuth 2.0? Batch requests are ones executed automatically or programmed to repeat recurringly. Usually we use OAuth to confirm user identity for API calls, but the problem is that OAuth 2.0 isn’t…

Decouple User Identity from API Design to Build Scalable Microservices

How does one go about securing APIs, microservices, and websites? One way to do this is by focusing on the identity — knowing who the caller is, and what the caller is allowed to do with your data. Too often, though, providers rely too heavily on user social identity, pairing it way too closely with…
