Exploring API Security with Apigee

Blog

July 27, 2017

Keeping Your APIs Secure for Multiple User Types

In an enterprise API management platform, applications acting on behalf of customers and consumers, internal business units and employees, and external organizations and their employees, are likely functioning as both API providers and consumers.

In many cases, applications acting on behalf of consumers will also represent the largest group of API consumers. As a result, these systems must be able to securely support multiple user communities while preserving scalability, availability, and reliability—without adding complexity.

Read the full post here.

Design Principles for Seamless User Authentication

This post continues the discussion from the previous article regarding authentication across multiple user communities. It briefly explores identity design pattern recommendations for these situations.

Read the full post here.

An Alternative to Delegated Access in the Enterprise

Extending OAuth2 and OpenID Connect as the enterprise standard for API security

OAuth2 and OpenID Connect (OIDC) have their origins in the concept of delegated access (think three-legged OAuth). These protocols are designed around the notion that the resource owner is an end-user. For the enterprise, however, the business may own the data and have control over when to grant access. This article explores how an enterprise IT organization may go about defining the policies around such access.

Read the full post here.

Identity Propagation in an API Gateway Architecture

As enterprises continue to broaden their usage of APIs, the need to strengthen security around those APIs grows with it. One way to harden security and improve auditing and authentication is to propagate the authenticated user's security context from the front end of the request pipeline, through the API gateway, and on to the back-end implementation of the API or service.

End-to-end propagation of an authenticated user's security context benefits API-based systems by improving overall security, eliminating the need for generic (privileged) service accounts between tiers, supporting a protected audit trail of the traffic traversing the system, and enabling advanced authentication use cases.

Read the full post here.

For all things API, visit Apigee.com.

Authored By

Robert C. Broeckelmann Jr.

© Levvel 2020