API Security Resource Guide
To say that securing the data communicated and transacted among applications is one of the biggest concerns for software vendors and online services is accurate, but a huge understatement. Since data is essentially the currency with which companies attract users and conduct business, there is no room for it to be compromised. A single breach of trust between company and customer (or partner, supplier or any other participant in the ecosystem) will result in a dramatic reduction in credibility. Considering how quickly and easily people can change the providers they work with, this could have severe repercussions for any organization.
Consider recent security breaches that have made headlines, put businesses in jeopardy, and created global security risks: the NSA spying case, WikiLeaks, Snapchat's customer phone number breach; these are just a few of the major issues that have happened recently. They have put a renewed focus on how important it is to ensure the privacy of data, while still keeping it flexible enough to do its job.
APIs are the engine of all these transactions of data, commerce and communication, so naturally we obsess about how to keep APIs, and the data they work with, secure and authenticated. Our conversations with customers and partners usually come back to security at some point. We want you, as stakeholders in SOA Software, to understand what it means to create and work in a secure application environment, so we've created this resource guide to give you a primer on API Security:
General API Security:
- API Security: Creating a Solid Foundation: Web APIs heighten security exposure for enterprise information assets across the big three of information security: Confidentiality, integrity and reliability.
- OAuth Community: OAuth developer community.
- OAuth Server: when interacting with other apps and APIs, OAuth is the most flexible and usable solution.
- What is OAuth: video that explains OAuth and how you can apply it.
- Amazon Web Services – Overview of Security Processes: a great guide to API and application security considerations, from Amazon.
- Sharing Data Securely: explains what’s necessary to provide security and authentication capabilities.
- OAuth Server: Share Data Securely for Mobile, APIs and Web Apps: Learn about our comprehensive security token server that integrates with enterprise identity and access management systems, providing the latest Web and API security standards including OpenID and OAuth.
- API Security: Does My Business Need OAuth?: OAuth provides a comprehensive security mechanism to secure your application data and allow for collaborative development and usage.
API Security and Management with API Gateway
- API Gateway: for API security, integration, mediation and deployment.
- Anatomy of an API Gateway: an overview of how to use a gateway to manage your APIs.
- REST and the Promise of Secure and Efficient Application Delivery: how to take your data from different sources and make it available to users.
- API Gateway - Simplified Security and Management: The API gateway streamlines security, development, operation and management of APIs and SOA services.
- Faster, More, Better: Secure and Manage Your (API) Business with API Gateway: Create channels with APIs, but ensure that those channels are adequately secured.
Securing Mobile Apps
- APIs At The Heart of your Mobile App Strategy: Users want apps, and companies want users. The data they connect with has to be secure.
- Unified Security for APIs, Apps, and Mobile: Alistair Farquharson, CTO of SOA Software, describes issues and opportunities with private APIs that enable enterprise applications to communicate and transact with one another.
- Mobile Application Gateway: our solution for externalizing applications, services and data for mobile consumption.
- Unified Security for Mobile, APIs and the Web: This presentation explains the various security scenarios for your mobile and Web applications, and APIs. We go into the specifics of OAuth, SAML, SSO, authentication/authorization, policy, protection and a host of other related issues that will help you understand how to keep your data secure.