We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Overcoming access control in web APIs

Formal Metadata

Title
Overcoming access control in web APIs
Subtitle
How to address security concerns using Sanic
Title of Series
Number of Parts
130
Author
License
CC Attribution - NonCommercial - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Great, you've developed a great web API. Awesome, you are about to deploy it. But, how do you secure it and manage access? Learn about different approaches to securing a web API whether it is meant for third-party integrations or driving a modern single-page application. Not all APIs are the same, so we will explore different considerations to make when crafting a solution to handle token-based authentication, and scoping to define access levels. As one of the core developers of the async web framework Sanic, I will primarily focus on authentication and authorization tools inside Sanic to showcase how to address these issues. However, the concepts should be broadly applicable enough to take back and apply to any web API. The goal is to learn the hot spots, and identify strategies to overcome them. Core take aways will include: - how to implement various JWT strategies; - best practices for storing JWTs on a browser; and - controlling access privileges using structured scopes. Time permitting, we will even discuss some tools to be used to help ease the anxiety and make security more approachable.