API-University

API Security

Three Common Misunderstandings about OpenID Connect

The top three things that people do not understand about OpenID Connect. Misunderstanding 1: “We already got OAuth, so we don’t need OpenID Connect” Great that you have OAuth. If you have it long enough, you probably have a big

mattbiehl | 2019-02-11 | 2019-02-15 | API Security, Blog

OAuth 2 vs. OpenID Connect

For API security there are two standards, and both of their names start with the capital letter O. So it is no wonder that people ask all the time: What is the difference between OAuth 2 and OpenID Connect? The

mattbiehl | 2019-02-11 | 2019-02-15 | API Security, Blog

New OpenID Connect Book Available Today!

How should we build signup and login for apps to increase app conversion? It needs to be simple. End-users tend to shy away from tedious onboarding processes or only get halfway through before they give up. How do some of

mattbiehl | 2019-02-08 | 2019-02-15 | API Security, Blog

Spotify API – How to get an OAuth Access Token (API Review Series)

In this week’s episode, I review the Spotify API – more specifically the OAuth capability. My goal: get an OAuth Access Token for my app, so I can call the API. To achieve this goal, I will go to the

mattbiehl | 2018-11-26 | 2019-02-15 | API Security, API-Review, Blog

The relation between OpenID Connect and OAuth 2

The OAuth standard ensures that there is no unintended leakage of information about the resource owner to the client. For example, it is ensured that the client does not get hold of the resource owner’s credentials. The OAuth standard ensures

mattbiehl | 2015-06-10 | 2019-02-11 | API Security, Blog

Which Actors are involved in OAuth Flows?

OAuth is designed for distributed systems that consist of several actors with distinct roles. Just like the actors in a movie play specific roles so the story can evolve, each actor in an OAuth flow takes on a specific role

mattbiehl | 2015-01-19 | 2015-06-22 | API Security, Blog

OAuth 2.0 Usage

In a previous post we introduced OAuth as a framework for API Security. But how is OAuth used and which solutions can be enabled by it? In fact, most of OAuth is happening under the hood of modern cloud, mobile

mattbiehl | 2015-01-08 | 2015-06-22 | API Security, Blog

What is OAuth 2?

If you are working with APIs, I am sure you have heard about OAuth 2. It is used for securing access to APIs. OAuth 2 is a standard for delegating authorization for accessing resources via HTTP. OAuth 2 offers a

mattbiehl | 2015-01-05 | 2015-08-02 | API Security, Blog

The Password Anti Pattern

People have gotten a bit sensitive about internet security and privacy. “Mobile apps, web-APIs and Cloud Services – yes, I like and use them, but … is my data really secure there? Can I control what happens to my data

mattbiehl | 2015-01-02 | 2015-08-02 | API Security, Blog

Copyright © 2019 API-University.