Require details regarding how authentication is handled as part of API security.
Authentication
Strategies
API Authorization Is Properly Defined and Enforced
Authentication gets you in the door, but authorization determines what you can actually do once you are inside. I see a lot of APIs where this is fuzzy--roles are poorly defined, permissions are to...
API Authentication Is Standardized
Authentication is one of those building blocks where consistency matters more than almost anything else. OAuth, JWT, API keys with proper scopes--pick your standards and apply them uniformly. When ...