Need help with your APIs? I offer API discovery, governance & evangelism services. Explore services →
API Evangelist API Evangelist
Learnings
Guidance
Toolbox
Alignment
API Evangelist LLC

OpenAPI Security

Requiring that OpenAPI security meet the policy standards.

Rules

OpenAPI Security Schemes Error

Having components security schemes ensures that the security definition for an API have been standardized and are able to be applied across APIs

OpenAPI Security Schemes Info

Having components security schemes ensures that the security definition for an API have been standardized and are able to be applied across APIs

Strategies

API Authentication Is Standardized

All APIs must use standardized authentication mechanisms including OAuth, JWT, and API keys with properly defined scopes, ensuring that security is consistently implemented and that consumers have ...

API Authorization Is Properly Defined and Enforced

All APIs must have clearly defined authorization models that control what authenticated consumers can access and perform, using role-based or attribute-based access control to ensure that permissio...

Operations Must Always Be Secure

Individual API operations should always be properly secured during design, develop, and run-time, making sure data, credentials, logs, and all other related resources are properly secured and opera...

Lifecycle

design_services Design Design

Design is where the human experience of an API is won or lost. I work design-first, shaping the paths, schema, errors, and naming in the contract before development begins, so that consistency is b...

security Security Production

Security runs through every stop on this lifecycle, but it also deserves its own attention. OWASP alignment, vulnerability scanning, and defense in depth protect both the provider and the consumer....