Adam Hopkins - Overcoming access control in web APIs
"Overcoming access control in web APIs
EuroPython 2020 - Talk - 2020-07-24 - Microsoft
Online
By Adam Hopkins
Great, you've developed a great web API. Awesome, you are about to deploy it. But, how do you secure it and manage access?
Learn about different approaches to securing a web API whether it is meant for third-party integrations or driving a modern single-page application. Not all APIs are the same, so we will explore different considerations to make when crafting a solution to handle token-based authentication, and scoping to define access levels.
As one of the core developers of the async web framework Sanic, I will primarily focus on authentication and authorization tools inside Sanic to showcase how to address these issues. However, the concepts should be broadly applicable enough to take back and apply to any web API. The goal is to learn the hot spots, and identify strategies to overcome them.
Core take aways will include:
how to implement various JWT strategies;
best practices for storing JWTs on a browser; and
controlling access privileges using structured scopes.
Time permitting, we will even discuss some tools to be used to help ease the anxiety and make security more approachable.
License: This video is licensed under the CC BY-NC-SA 3.0 license: https://creativecommons.org/licenses/...
Please see our speaker release agreement for details: https://ep2020.europython.eu/events/s...
"
Watch video Adam Hopkins - Overcoming access control in web APIs online without registration, duration hours minute second in high quality. This video was added by user EuroPython Conference 28 September 2020, don't forget to share it with your friends and acquaintances, it has been viewed on our site 831 once and liked it 19 people.