Book description
A web API is an efficient way to communicate with an application or service. However, this convenience opens your systems to new security risks. API Security in Action gives you the skills to build strong, safe APIs you can confidently expose to the world. Inside, you’ll learn to construct secure and scalable REST APIs, deliver machine-to-machine interaction in a microservices architecture, and provide protection in resource-constrained IoT (Internet of Things) environments.About the Technology
APIs control data sharing in every service, server, data store, and web client. Modern data-centric designs—including microservices and cloud-native applications—demand a comprehensive, multi-layered approach to security for both private and public-facing APIs.
About the Book
API Security in Action teaches you how to create secure APIs for any situation. By following this hands-on guide you’ll build a social network API while mastering techniques for flexible multi-user security, cloud key management, and lightweight cryptography. When you’re done, you’ll be able to create APIs that stand up to complex threat models and hostile environments.
What's Inside
- Authentication
- Authorization
- Audit logging
- Rate limiting
- Encryption
About the Reader
For developers with experience building RESTful APIs. Examples are in Java.
About the Author
Neil Madden has in-depth knowledge of applied cryptography, application security, and current API security technologies. He holds a Ph.D. in Computer Science.
Quotes
A comprehensive guide to designing and implementing secure services. A must-read book for all API practitioners who manage security.
- Gilberto Taccari, Penta
Anyone who wants an in-depth understanding of API security should read this.
- Bobby Lin, DBS Bank
I highly recommend this book to those developing APIs.
- Jorge Bo, Naranja X
The best comprehensive guide about API security I have read.
- Marc Roulleau, GIRO
Table of contents
- API Security in Action
- Copyright
- contents
- front matter
- Part 1. Foundations
- 1 What is API security?
- 2 Secure API development
- 3 Securing the Natter API
- Part 2. Token-based authentication
- 4 Session cookie authentication
- 5 Modern token-based authentication
- 6 Self-contained tokens and JWTs
- Part 3. Authorization
- 7 OAuth2 and OpenID Connect
- 8 Identity-based access control
- 9 Capability-based security and macaroons
- Part 4. Microservice APIs in Kubernetes
-
10 Microservice APIs in Kubernetes
- 10.1 Microservice APIs on Kubernetes
-
10.2 Deploying Natter on Kubernetes
- 10.2.1 Building H2 database as a Docker container
- 10.2.2 Deploying the database to Kubernetes
- 10.2.3 Building the Natter API as a Docker container
- 10.2.4 The link-preview microservice
- 10.2.5 Deploying the new microservice
- 10.2.6 Calling the link-preview microservice
- 10.2.7 Preventing SSRF attacks
- 10.2.8 DNS rebinding attacks
- 10.3 Securing microservice communications
- 10.4 Securing incoming requests
- Answers to pop quiz questions
- Summary
- 11 Securing service-to-service APIs
- Part 5. APIs for the Internet of Things
- 12 Securing IoT communications
- 13 Securing IoT APIs
- appendix A. Setting up Java and Maven
- appendix B. Setting up Kubernetes
- index
Product information
- Title: API Security in Action
- Author(s):
- Release date: January 2021
- Publisher(s): Manning Publications
- ISBN: 9781617296024
You might also like
book
Microservices Security in Action
Unlike traditional enterprise applications, Microservices applications are collections of independent components that function as a system. …
book
Solving Identity Management in Modern Applications: Demystifying OAuth 2, OpenID Connect, and SAML 2
Know how to design and use identity management to protect your application and the data it …
book
Solving Identity Management in Modern Applications: Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0
Know how to design and use identity management to protect your application and the data it …
book
Kubernetes: Up and Running, 3rd Edition
In just five years, Kubernetes has radically changed the way developers and ops personnel build, deploy, …