API Evangelist
API Evangelist LLC

Authentication

Develop Stop 8

Authentication is where access begins. Keys, OAuth, JWT, and mTLS each make sense in different contexts, and I pick the approach that fits the consumer and the risk. Getting authentication right is what makes an API both usable and defensible at the same time.

Policies at this stop

Agent-Scoped Authentication

I require that APIs support authentication credentials scoped specifically to agents, so that an autonomous consumer acts under its own narrowly-bound identity with least-privilege scopes rather th...

JWT (Authentication)

Require that JWT usage meets standards set by authentication policies.

Keys (Authentication)

Require that API key usage meets standards set by authentication policies.

OAuth (Authentication)

Require that OAuth usage meets standards set by authentication policies.

Scopes (Authentication)

Require that OAuth scopes meet standards set by authentication policies.

Authentication

The details for how to authenticate with an API should always be part of the business and technical contracts for an API. Information on how to authenticate with an API should be readily available ...

Getting Started Authentication

Needs description.

Authentication

Require details regarding how authentication is handled as part of API security.