This reference card is about security principles. We help you understand which protocols you should or shouldn't use. We present the OAuth2 flows and the context in which each one should be used. We explain the scoping principle, which is often misunderstood. We also detail the principles of the OpenID Connect protocol, of JWT, and of claims. Finally, we share the common mistakes we have encountered with our clients when securing APIs.
When implementing an API, security issues quickly arise. This is a major challenge, as the Open API principle is to build an "open ecosystem" by exposing services usable by third parties, without knowing in advance how they will be used. Besides, using REST and Web technologies has an impact on the way you secure your services, even when your API is used internally or privately.