API Protection with OAuth 2.0

APIs are now the standard entry point to the majority of newly created ‘back-end’ functionality. These APIs exist to provide not only a standardised, structured way to access the required features or functions, but also to act as ‘gatekeepers’, ensuring appropriate security, auditing, accounting etc.

Security is always underpinned by identity and as such APIs need to know, if not who is accessing them, what is the context in which they are being accessed. A variety of techniques of passing either authentication or authorisation data have been used over the years - from additional username/password parameters, to API keys, to full blown OAuth 2.0 based token support.

The whitepaper linked below looks at the background to OAuth 2.0 API protection and seeks to dispel some of the complexity and the myths that still surround this approach.