Information about the authentication in use for a single API, or across many APIs.
Authentication
Experiences
Access
I keep seeing teams struggle with getting consumers proper access to their APIs. The sign-up, authentication, and authorization process is where you lose people before they ever make their first AP...
Security
Security is the area where I see the most gap between what teams think they have covered and what's actually happening. The surface area of APIs keeps growing, and most organizations aren't keeping...
Policies
JWT (Authentication)
JWT is a common pattern I see across the API landscape for authentication. Having a policy around how JWTs are used keeps things consistent and prevents teams from rolling their own approach.
Keys (Authentication)
API keys are the most basic building block of API authentication. A policy here makes sure keys are handled consistently and not just thrown around without any standards in place.
OAuth (Authentication)
OAuth is the standard I see most often when APIs need proper authorization flows. Having a clear policy around OAuth usage keeps the implementation consistent and reduces security surface area.
Authentication
Authentication details should always travel with the API contract. I have seen too many situations where developers can find the docs but have no idea how to actually authenticate. That information...
Getting Started Authentication
The getting started experience needs to cover authentication clearly. If a new consumer cannot figure out how to authenticate quickly, you have already lost them.
Authorization
Authorization is where you define what authenticated consumers can actually do. RBAC, ABAC, and permission models determine the boundaries of access, and getting this right is critical.