welcome

What does it take to protect an API? I faced this question many years ago when I started to build my first APIs. And the question stuck. The ensuing years were a fascinating journey of delving into the intricacies of API security. Is it API tokens? What kinds of tokens? How does Open Authorization work? How does it relate to OpenID Connect? How do you prevent SQL injection? How do you detect thresats in real-time? When do you know you’ve done enough to secure your APIs?

If these questions are boiling in your mind, you’ve come to the right place, or so I hope! The goal of this book is to answer all those questions and more. And we’re going to tackle those questions with practical examples. In my experience, it’s not enough to know what SQL injection is. The aha! moment comes when you see it in action and can correlate it with a specific bit of code. The same is true for all other API security exploits. This means you’ll find tons of coding examples in the book, and I highly encourage you to go through them in detail, run the code, and play around with it.