With the growth of cloud native applications, developers increasingly rely on APIs to make everything work. But security often lags behind, making APIs an attractive target for bad actors looking to access valuable business data. OAuth is a popular way to address this issue, but this open standard doesn't provide sufficient guidelines for using API tokens to protect business data. That alone can lead to vulnerabilities and invite data breaches.

By using cloud native components in Kubernetes or similar platforms, organizations can implement a scalable, future-proof security architecture for their systems that follows a zero-trust approach to protect business data. You'll access tokens, claims, and token design with an emphasis on an API-first approach. This book takes readers through an end-to-end security architecture that scales to many components in a cloud native environment, while only requiring simple security code in applications and APIs.

You'll learn:

Why user identity must be part of your cloud native security stack How to integrate user identity into APIs How to externalize security, secure data access, and authenticate clients using OAuth Methods for running security components in a Kubernetes cluster How to use claims to protect business data in APIs How to follow security best practices for client applications and APIs