Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE

Advanced API Security is a complete reference to the next wave of challenges in enterprise security--securing public and private APIs.

API adoption in both consumer and enterprise settings has gone beyond predictions. It has become the ‘coolest’ way of exposing business functionality to the outside world. Both your public and private APIs need to be protected, monitored and managed. Security is not an afterthought, and API security has evolved a lot in the last five years. The growth of standards has been exponential.

That's where Advanced API Security comes in--to wade through the weeds and help you keep the bad guys away while realizing the internal and external benefits of developing APIs for your services. Our expert author guides you through the maze of options and shares industry-leading best practices in designing APIs for rock-solid security. The book explains, in depth, how to secure APIs, from traditional HTTP Basic Authentication to OAuth 2.0 and the standards built around it.

Build APIs with rock-solid security today with Advanced API Security.

Takes you through the best practices in designing APIs for rock-solid security. Provides an in-depth tutorial on the most widely adopted security standards for API security. Teaches you how to compare and contrast different security standards and protocols to find out what suits your business needs best.

What you’ll learn

Build APIs with rock-solid security by understanding best practices and design guidelines.
Get a thorough understanding of widely adopted security standards for API security.
Compare and contrast different security standards and protocols to find out what suits your business needs best.
Expand business APIs to partners and outsiders with Identity Federation.
Get hands-on experience in developing clients against Facebook, Twitter, and Salesforce APIs.
Understand and learn how to mitigate security threats.

Who this book is for

Advanced API Security is for enterprise security architects and developers who are designing, building and managing APIs. The book provides guidelines and best practices for designing APIs, along with threat-mitigation techniques, for enterprise security architects, while developers gain hands-on experience by developing API clients against Facebook, Twitter, Salesforce and many other cloud service providers.

251 pages, Kindle Edition

First published August 10, 2014


About the author

Prabath Siriwardena

14 books, 16 followers

Ratings & Reviews

Community Reviews

5 stars: 7 (17%)
4 stars: 16 (41%)
3 stars: 14 (35%)
2 stars: 1 (2%)
1 star: 1 (2%)
Displaying 1 - 4 of 4 reviews
Victor
41 reviews, 8 followers
September 16, 2016
This is a good and well written book that I recommend. It starts with the basic concepts of API Security, then it goes through the evolution of Web API Security - from HTTP Basic Authentication to OAuth 2.0 and OpenID Connect - and it closes with the most common enterprise security patterns.

The theoretical part is backed up by many practical examples written in Java, using Apache Tomcat, WSO2 Identity Server and cURL. These examples showcase how to call some of the most well known APIs - Facebook, Google, Salesforce, etc. Even if you're not a Java developer, the examples are accessible, since they focus on the interactions with the APIs.

You can find a more detailed review on my blog.
November 18, 2019
I found the book difficult to read and follow. There was a lot of unimportant content, like the history of the working groups and organisations. When I am picking a technical book, I want to get to know why I should be using something and why it’s better than the alternatives. This book didn’t give me any of that.

I know there is "advanced" in the title, but I would expect a bit more in-depth explanation of the concepts and ideas behind it, and not try diagrams with explanations of payloads and repeated examples. I didn’t like the Java examples, with almost every line (including System.out) having comments. I thought it’s a book for professionals?

Still need to find a good book about security and how we should design authentication/authorisation in smaller/bigger projects. If anyone knows something like that, please suggest :)
Prabath Siriwardena (Author)
14 books, 16 followers
August 11, 2016
This book is about securing your most important APIs. As is the case with any software system design, people tend to ignore the security element during the API design phase. Only at deployment or at the time of integration do they start to address security. Security should never be an afterthought—it’s an integral part of any software system design, and it should be well thought out from the design’s inception. One objective of this book is to educate you about the need for security and the available options for securing an API. The book also guides you through the process and shares best practices for designing APIs for rock-solid security.

API security has evolved a lot in the last five years. The growth of standards has been exponential. OAuth 2.0 is the most widely adopted standard. But it’s more than just a standard—it’s a framework that lets people build standards on top of it. The book explains in depth how to secure APIs, from traditional HTTP Basic Authentication to OAuth 2.0 and the standards built around it, such as OpenID Connect, User Managed Access (UMA), and many more. JSON plays a major role in API communication. Most of the APIs developed today support only JSON, not XML. This book also focuses on JSON security. JSON Web Encryption (JWE) and JSON Web Signature (JWS) are two increasingly popular standards for securing JSON messages. The latter part of this book covers JWE and JWS in detail.

Another major objective of this book is to not just present concepts and theories, but also explain each of them with concrete examples. The book presents a comprehensive set of examples that work with APIs from Google, Twitter, Facebook, Yahoo!, Salesforce, Flickr, and GitHub. The evolution of API security is another topic covered in the book. It’s extremely useful to understand how security protocols were designed in the past and how the drawbacks discovered in them pushed us to where we are today. The book covers some older security protocols such as Flickr Authentication, Yahoo! BBAuth, Google AuthSub, Google ClientLogin, and ProtectServe in detail.

I hope this book effectively covers this much-needed subject matter for API developers, and I hope you enjoy reading it.
Tom Schulte
2,931 reviews, 58 followers
June 10, 2015
Very good overview for interacting with and securing APIs, including setting up with Salesforce, etc. The examples are Java, so it is not as useful for this .NET developer, but I find this volume very complete, detailed and well arrayed.