All APIs must use standardized authentication mechanisms including OAuth, JWT, and API keys with properly defined scopes, ensuring that security is consistently implemented and that consumers have a predictable experience when authenticating across all APIs.
API Authentication Is Standardized
Policies
Authentication
Require details regarding how authentication is handled as part of API security.
OAuth (Authentication)
Require that OAuth usage meets standards set by authentication policies.
JWT (Authentication)
Require JWT usage meets standards set by authentication policies.
Keys (Authentication)
Require the API key usage meets standards set by authentication policies.
Scopes (Authentication)
Require Oauth scopes meets standards set by authentication policies.
OpenAPI Security
Requiring that OpenAPI security meet the policy standards.
Operation Security
Requiring that all operational security meets the policy standards.
Getting Started Authentication
Needs description.
Experiences
Security
API security is a top priority for any enterprise, with even higher standards for externally available APIs. However, security doesn’t end with the APIs an enterprise produces—it also applies to co...
Access
Gaining the necessary access to effectively use an API is often more challenging than it appears. Intentional and unintentional barriers can create friction in discovering and onboarding with an AP...
Onboarding
Transitioning from API discovery to integration as a consumer requires a well-defined and streamlined API onboarding process. Onboarding begins with discovery and relies heavily on clear documentat...
Consistency
Achieving consistency in the design, delivery, and maintenance of HTTP APIs across an enterprise is a significant challenge—one that often complicates API operations. Small differences, such as var...
Trust
Establish trust with API consumers will evolve and build over time, and is something that can be lost in a very short period of time. Trust will depend on other experiences like quality and reliabi...