Authentication is where access begins. Keys, OAuth, JWT, and mTLS each make sense in different contexts, and I pick the approach that fits the consumer and the risk. Getting authentication right is what makes an API both usable and defensible at the same time.
Authentication
Policies at this stop
Agent-Scoped Authentication
I require that APIs support authentication credentials scoped specifically to agents, so that an autonomous consumer acts under its own narrowly-bound identity with least-privilege scopes rather th...
JWT (Authentication)
Require that JWT usage meets standards set by authentication policies.
Keys (Authentication)
Require that API key usage meets standards set by authentication policies.
OAuth (Authentication)
Require that OAuth usage meets standards set by authentication policies.
Scopes (Authentication)
Require that OAuth scopes meet standards set by authentication policies.
Authentication
The details for how to authenticate with an API should always be part of the business and technical contracts for an API. Information on how to authenticate with an API should be readily available ...
Getting Started Authentication
Needs description.
Authentication
Require details regarding how authentication is handled as part of API security.