In chapter 12, you learned how to secure communications between devices using Datagram TLS (DTLS) and end-to-end security. In this chapter, you’ll learn how to secure access to APIs in Internet of Things (IoT) environments, including APIs provided by the devices themselves and cloud APIs the devices connect to. In its rise to become the dominant API security technology, OAuth2 is also popular for IoT applications, so you’ll learn about recent adaptations of OAuth2 for constrained devices in section 13.3. Finally, we’ll look at how to manage access control decisions when a device may be disconnected from other services for prolonged periods of time in section 13.4.