As you design an API you’ll run into a few questions. How should you authenticate your users? Are there cases where you don’t even need to? There are a variety of authentication methods, which one is the best? It’s time to talk about API security – at least one aspect of it.
Each method has strengths and weaknesses, and the right authentication method depends on a few things: the kind of API you’re building, the users that consume it, and the context of the authentication. A client-side browser application shouldn’t use the same authentication mechanism as an API that serves data to other web services.
In this session, we’ll cover various authentication methods, and gain an understanding of the similarities and differences of the underlying mechanisms. We’ll also consider various use cases and the authentication concerns they introduce.