Thank you for purchasing the MEAP of API Security in Action.
Remotely accessible APIs are everywhere, from web-based REST APIs, to microservices, and the Internet of Things (IoT). This book will help you understand the threats against those APIs and how you can defend them. Whether you are a developer tasked with implementing API protections, a technical architect, or a BA making a buy or build decision, this book will help you understand what you need and how to achieve it.
In my day job as security director at ForgeRock, a leading identity and access management software company, I spend a lot of time securing our own APIs and advising customers how best to secure their own. In recent years, several mature technologies have emerged for API security, including OAuth 2 and JSON Web Tokens, but the security advice and threat landscape have evolved over time so that old patterns have been updated. At the same time, APIs have migrated from being the front-door to a monolithic system to being at the core of microservice interactions in large-scale Kubernetes deployments and now the emerging IoT market. These new environments bring new security challenges, so this book aims to bring you right up to date with the latest security best practices.