2. Different kinds of APIs
https://ffeathers.wordpress.com/2014/02/16/api-types/
3. REST API Security Best Practice
OWASP - Open Web Application Security Project
https://www.owasp.org/index.php/REST_Security_Cheat_Sheet
https://dzone.com/articles/top-5-rest-api-security-guidelines
5. OAuth2
“Open Authentication” (??)
Authorization delegation
An authorization framework
Defined by RFC 6749 and 6750
OAuth 1 is defined by RFC 5849
OAuth 1 and OAuth 2 are not compatible
8. OAuth2 Authorization Grants
Different ways of getting a token
Authorization code,
Implicit grant,
Resource owner password credentials and
Client credentials
Which OAuth 2.0 flow should I use?