Chapter 5. Secure API Development

In this chapter, we focus on secure API development by showing how to implement zero-trust authorization in OAuth-secured APIs. We first explain how JWT access tokens enable unified API security. You then learn how to validate JWT access tokens and how to use the token data to implement API authorization logic. Next, we discuss how to handle access token expiration so that API reliability holds end to end. Since you also need to test your APIs, we show a productive method for testing zero-trust APIs. Finally, we demonstrate the theory with an API code example.

Let’s get started by showing how JWT access tokens can enable you to use the same API security code for all types of clients.

Unified API Security with JWT Access Tokens

Different types of client applications have their own best practices for sending access tokens. You should understand that your API ...

Excerpt from Cloud Native Data Security with OAuth (O'Reilly).