contents

contents

acknowledgments

about this book

about the author

about the cover illustration

Part 1. Foundations

1 What is API security?

1.1 An analogy: Taking your driving test

1.2 What is an API?

1.3 API security in context

A typical API deployment

1.4 Elements of API security

Environments and threat models

1.5 Security mechanisms

Identification and authentication

Access control and authorization

2 Secure API development

2.1 The Natter API

Overview of the Natter API

Implementation overview

Setting up the project

Initializing the database

@font-face { font-family: 'livebook'; src:url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.eot?1.9.0'); src:url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.eot?1.9.0') format('embedded-opentype'), url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.woff?1.9.0') format('woff'), url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.ttf?1.9.0') format('truetype'), url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.svg?1.9.0') format('svg'); font-weight: normal; font-style: normal; }