Authentication Blog Posts From API Evangelist

These are the blog items I've written over the last decade when it comes to my Authentication resarch, providing the short form of my research across the API industry.

You can find all of the blog posts I have written over at the main API Evangelist site, these are mean to just be for providing easy access to what I've written when it comes to Authentication.

Curated Authentication News

These are the news items that I have curated during the monitoring of the API space that have some relevance to the Authentication conversation and I wanted to include in my research. I am using all of these links to better understand how the space is defining not just their APIs, but their schema, and other moving parts of their API operations.

Authenticate Spring boot API with AWS Cognito (04-19-2020)
GitHub App authentication support released (04-15-2020)
How to Secure APIs and Services Using OpenID Connect (04-15-2020)
Selecting and migrating a Facebook API version for Amazon Cognito (04-03-2020)
Boost OAuth 2.0 and OpenID Connect Using Hooks (04-03-2020)
Use AWS Lambda authorizers with a third (03-25-2020)
Easy OAuth 2.0 Single Sign (03-06-2020)
Facebooks latest transparency tool doesnt offer much so we went digging (02-25-2020)
Create User Registration and Login Using Web API and ReactJS (02-03-2020)
CouchDB REST API for Document CRUD Operations Examples With Postman (01-15-2020)
Scripts from The Office, the dataset (12-30-2019)
Role (12-27-2019)
Chinese Hackers Bypassing Two (12-26-2019)
Open (12-24-2019)
Find Secret API (12-22-2019)
Google Cloud External Key Manager Now in Beta (12-19-2019)
Introducing Load Balancing Analytics (12-10-2019)
Choosing an API (12-08-2019)
Migrate/Import Existing Oauth2 Clients into WSO2 APIM while Preserving Client Credentials (12-08-2019)
The Next Evolution in AWS Single Sign (11-27-2019)
A deep dive into Elasticsearch authentication realms (11-20-2019)
OAuth (11-13-2019)
Google buys Fitbit for $2.1 billion (11-01-2019)
RESTful API for Beginners (10-27-2019)
How (10-25-2019)
Authentication and Authorization: Mastering Security (10-25-2019)
Pub/Sub Local Emulator (10-22-2019)
How Usernames and Passwords Got so Complicated (10-14-2019)
Why lightning strikes twice as often over shipping lanes (10-12-2019)
Rich OAuth 2.0 Authorization Requests (09-21-2019)
Secure a REST API With MicroProfile and JWT Authentication (09-19-2019)
DataOps and the Problem with Ops Terminology (09-09-2019)
Online cURL tool to authenticate JWT Bearer tokens (09-05-2019)
Launching OSM Teams (09-05-2019)
Getting started with Elastic Cloud on Kubernetes: Data ingestion (09-05-2019)
Xero OAuth 2 APIWhats new + Node example (09-05-2019)
3 Realistic Approaches to Kubernetes RBAC (09-05-2019)
PSD2: What Merchants and PSPs Need to Know (09-04-2019)
How to sell pay per use SaaS to AWS customers in the AWS Marketplace (09-04-2019)
Documenting role based authentication with Swagger (09-04-2019)
Brave Uncovers Googles GDPR Workaround ( (09-04-2019)
Documenting APIs using Swagger (09-04-2019)
8 New Rules of Open Source Infrastructure (09-03-2019)
Continuously build and test a JWT authenticated API (09-03-2019)
Flutter (09-03-2019)
Announcing NGINX Plus R19 (09-03-2019)
Introducing Pulse 2.0site and server monitoring for developers (08-30-2019)
Announcing the General Availability of API Tokens (08-30-2019)
Forms Are Hard (08-29-2019)
Chatting with Watson to Hook any Tweets: Webhook Tutorial (08-29-2019)
How Worldline puts APIs at the heart of payments services (08-29-2019)
JWT Authentication with FastAPI and AWS Cognito (08-29-2019)
Continuous Authorization With DevSecOps (08-28-2019)
Advanced API Security: Securing APIs with Oauth 2.0, Openid Connect, Jws, and Jwe full_online (08-27-2019)
How to Use Keywords in Your Blogging Strategy (08-27-2019)
Kadena brings free private blockchain service to Azure Marketplace (08-27-2019)
Advanced API Security: Securing APIs with Oauth 2.0, Openid Connect, Jws, and Jwe full_online (08-26-2019)
Auth0 Integrates Social Login for LINE (08-25-2019)
Introduction to Microservices With Docker and AWSAuthentication (08-24-2019)
Corporate Approach to Penetration Testing on Web Services and API End (08-24-2019)
How to Avoid Cost Pitfalls by Monitoring APIs in AWS Lambda (08-23-2019)
IBM Announce Quantum Safe Encryption (08-23-2019)
Reactive Spring: Define a REST Endpoint as a Continuous Stream (08-22-2019)
Create Your JWTs From Scratch (08-22-2019)
KBTG Banks on TIBCO Data Virtualization to Deliver Digital Lifestyle Banking (08-22-2019)
Got microservices? Service mesh management might not be enough (08-22-2019)
StormCrawler open source web crawler strengthened by Elasticsearch, Kibana (08-22-2019)
The war inside Palantir: Data (08-22-2019)
Serverless on GCP: A Comprehensive Guide (08-22-2019)
Kong 1.3 Released! Native gRPC Proxying, Upstream Mutual TLS Authentication, and Much More (08-21-2019)
Splunk Moves into Microservices Monitoring with SignalFX Acquisition (08-21-2019)
Porsche invests in low visibility sensor startup TriEye (08-21-2019)
What We Mean by Feature Flags (08-21-2019)
DR for cloud: Architecting Microsoft SQL Server with GCP (08-21-2019)
What GraphQL Is and Why It Matters for Headless CMSs (08-21-2019)
Introducing the Wild West of Federal Government Websites (08-21-2019)
What you and your company should know about cyber insurance (08-21-2019)
How to Refresh An Access Token Using Decorators (08-20-2019)
How we reduced our API calls by 50% (08-20-2019)
Serverless Deployment with AWS SAM (08-20-2019)
Apache Kafka: Basic Setup and Usage With Command (08-20-2019)
API Marketplace vs API Gateway (Whats the Difference?) (08-20-2019)
Hybrid Microservices An Insight (08-20-2019)
Surveillance as a Condition for Humanitarian Aid (08-20-2019)
Basic HTTP Auth with Flutter the right way (08-20-2019)
IFTTT tells Nest users not to move their accounts over to Google (08-20-2019)
Why You Should Auto (08-20-2019)
Permission to ByPass Your ESB! App Integration is your next big Monolith that needs refactoring. (08-19-2019)
How to Build an API in Python (with Flask & RapidAPI) (08-19-2019)
After data incidents, Instagram expands its bug bounty (08-19-2019)
MIT built a better way to deliver high (08-19-2019)
How to Reduce Cognitive Load for Voice Design (08-19-2019)
Self (08-19-2019)
Why is Serverless Architecture becoming popular for App Development? (08-19-2019)
Log In With the Google OAuth Demo App (08-18-2019)
Integrating Slack into your Laravel API (08-18-2019)
OpenDEX API Documentation (08-18-2019)
API 101: What even is an API? (08-18-2019)
Side (08-14-2019)
Developing Docker (08-14-2019)
Major Impediments to Continuous Testing (08-14-2019)
Microservice Architecture on Kubernetes (08-14-2019)
Self (08-14-2019)
A Practical Approach to Understanding Kubernetes Authorization (08-14-2019)
Canary deployments with Consul Service Mesh (08-13-2019)
Token Authentication in Django (08-11-2019)
How OAuth 2.0 Works (08-11-2019)
Enterprise Comparison of API Gateways and ESBs (08-09-2019)
#BHUSA : Open Source is Key to Solving Cyber Skills Gap (08-07-2019)
A Practical Approach to Understanding Kubernetes Authentication (08-02-2019)
A Realistic Path Forward for Security Orchestration and Automation (08-01-2019)
API Authentication with Laravel Janitor: Part 2Laravel JWT Proxy (08-01-2019)
JSON Web Token (JWT) and HTML logins with Devise and Ruby on Rails 5 (07-31-2019)
Security: Additional Considerations (07-31-2019)
Authorization Series (07-31-2019)
Integrate Anypoint With AWS Cognito (07-30-2019)
Using Swagger as a client for an ADFS protected API (07-29-2019)
Arduino Selects Auth0 as Standardized Login for Open (07-28-2019)
Introduction to Identity and Access Management (07-28-2019)
What Is Continuous Authentication? (07-26-2019)
Open ID Connect Authentication With OAuth2.0 Authorization (07-26-2019)
4 Most Used REST API Authentication Methods (07-26-2019)
Role (07-25-2019)
WSO2 API Microgateway: Dealing with Revoked JWT Tokens (07-25-2019)
Troubleshooting Self (07-17-2019)
Applying OAuth on the RingCentral API (Part 2) (07-15-2019)
Token CachingWSO2 API Manager (07-13-2019)
HTTP Basic Authentication With Spring Security (07-13-2019)
Organizations Are Adapting Authentication for Cloud Applications (07-09-2019)
Benefits of Having an API Hub For Your Teams External API Usage (07-05-2019)
Announcing the General Availability of the Auth0 SPA JS SDK (07-02-2019)
What are Json Web Tokens or JWT? (06-30-2019)
Open Letter from the OpenID Foundation to Apple Regarding Sign in with Apple ( (06-29-2019)
Custom authentication handler to perform either Basic authentication or Oauth2 in the API (06-29-2019)
AWS Control Tower Set up & Govern a Multi (06-24-2019)
OAuth2 Access Token Usage Strategies for Multiple Resources (APIs) Part 2 (06-22-2019)
Laravel Passport, Create REST API With Authentication (05-10-2019)
Working with Cognito: AuthN (05-10-2019)
How to set up two (03-27-2019)
APIdays Expert talksImproving the developer workflow with GitHubs public GraphQL API by Brian (03-16-2019)
Popular cloud apps authentication schemes: OAuth 2.0, API Keys, and more (02-22-2019)
Connecting to Adobe Experience Manager via OAuth 2.0 (02-22-2019)
API Auth and GraphQL in Laravel (02-22-2019)
I have several API keys. (02-22-2019)
Authentication on the Web (02-19-2019)
Popular cloud apps authentication schemes: OAuth 2.0, API Keys, and more (02-15-2019)
SAML on the Rebound (02-11-2019)
Build a REST API(s) from JSON with Authentication (02-09-2019)
Machine Learning Engineering Part 1: how to create a REST API from a custom algorithm, using (02-09-2019)
7 Tips for Visual Search at Scale (02-05-2019)
Access granular collaboration permissions with the Kloudless Sharing API (02-01-2019)
Elastic App Search: Announcing Role Based Access Control (01-29-2019)
Countering Modern Phishing Attacks With Strong 2FA (01-28-2019)
API Authentication With GCP Identity (01-28-2019)
January 2019 Product Update: New Integrations & APIs by PagerDuty (01-23-2019)
OpenID Authentication with Istio (01-18-2019)
Refreshing Bearer tokens with the Box API under highly concurrent workloads (01-18-2019)
Leveraging Microsoft Graph API for memory forensics (01-17-2019)
Accessing Box Enterprise content via JWT and per (01-17-2019)
HDInsight now supported in Azure CLI as a public preview (01-17-2019)
One (01-16-2019)
The What and Why of a Unified Security Strategy (01-16-2019)
Authorizing Office 365 PowerShell commands with OAuth (01-15-2019)
OAuth2 Tips: Token Validation (01-11-2019)
The Right Flow for the Job: Which OAuth 2.0 Flow Should I Use? (01-07-2019)
How to Use JSON Web Tokens ( (01-04-2019)
AWS Cognito User Pool: Advanced security features (12-31-2018)
API Management Reimagined: Authentication, Authorization, and Audit (12-21-2018)
Per (12-19-2018)
API Management for midsize businesses: What you need to know! (12-19-2018)
NodeJS Lambda Authorizer for JSON Web Tokens (12-18-2018)
Transparent Data Encryption (TDE) with customer managed keys for Managed Instance (12-17-2018)
Amazon Connect Adds New Contact API to Get Contact Attributes (12-15-2018)
A Few Thoughts on Security Tokens (12-07-2018)
X.509 Certificate Management with Vault (12-05-2018)
API Microservice Cross Cutting Concern 21: Security Auth/Auth (11-25-2018)
5 Ways To Hack An API (And How To Defend) (11-22-2018)
Security Best Practices for Managing API Access Tokens (11-21-2018)
Dance through OAuth headaches with Serverless (11-20-2018)
Authentication with AWS Cognito (11-19-2018)
Rails API + JWT Authentication (11-16-2018)
JWT: Using the Header and JWS Parameters (11-16-2018)
Stop using JWT for sessions (2016) ( (11-04-2018)
Laravel 5.7API authentification with Laravel Passport (10-29-2018)
How to Use Refresh Tokens (10-28-2018)
Novice Guide to Securing API and Firebase Key in Create (10-28-2018)
How to verify the authenticity of a GitHub Apps webhook payload (10-26-2018)
How to Build a Secure API Strategy for the API Economy (10-25-2018)
Security Tokens 2.0: About On (10-11-2018)
How to rotate a WordPress MySQL database secret using AWS Secrets Manager in Amazon EKS (10-08-2018)
AWS Organizations now requires email address verification in order to invite accounts to an organization (09-20-2018)
Token Based Authentication API in Rails with the help of JWT and Knock (09-20-2018)
Trust through transparency: incident response in Google Cloud (09-12-2018)
Allowing Users to Get Their Own OAuth Tokens for Accessing an API (09-08-2018)
Adding Authentication to Your HTTP Triggered Azure Functions (09-07-2018)
Spring Boot and Content Negotiation XML and JSON Representations (09-04-2018)
Everything you need to know about Reacts Context API (09-03-2018)
The practical guide for Building REST API in Nodejs and MongoDB include Passport and JWT (09-02-2018)
Roundup of API Platforms and Specifications (08-31-2018)
Researchers show Alexa skill squatting could hijack voice commands (08-30-2018)
How to use AWS Secrets Manager to rotate credentials for all Amazon RDS database types, including Oracle (08-29-2018)
Using cURL to authenticate with JWT Bearer tokens (08-29-2018)
What is WebAuthn? (08-29-2018)
JSON Web Tokens (JWTs), what they are and if you should use them (08-29-2018)
Instagram Bids to Boost Transparency and 2FA (08-29-2018)
Identity Verification API Inspires Food Security Innovation at AngelHack San Francisco (08-28-2018)
The History of Biometric Authentication (08-28-2018)
How Does HTTP Basic Authentication Work in Spring Security? (08-22-2018)
Burp (08-20-2018)
React OAuth Authentication with Firebase (08-08-2018)
OAuth 2.0 Authorization Code Grant (08-08-2018)
Filestack Tutorials: Setup OAuth for Dropbox (07-25-2018)
How to Implement Spring Security With OAuth2 (07-23-2018)
Create Your Own Google Drive OAuth Application (07-18-2018)
Getting a Handle on Spiraling AWS Lambda Cost in Seconds (07-18-2018)
Serverless Security Risks Laid Bare (07-13-2018)
Understanding AWS Cognito User and Identity Pools for Serverless Apps (07-12-2018)
A crash course on Serverless APIs with Express and MongoDB (07-12-2018)
Multi (07-11-2018)
The 10 commandments of serverless (07-11-2018)
Announcing Kong CE 0.14.0 including Zipkin, Prometheus, and More! (07-05-2018)
New Gluu IAM products! (07-03-2018)
9 Questions for Top (07-03-2018)
Session vs Token Based Authentication (06-30-2018)
Tool: How to set up an API Key on Huobi (06-29-2018)
Configure an External Identity Provider for Single Sign (06-29-2018)
The Importance of Multi (06-29-2018)
Tool: How to set up an API Key on KuCoin (06-28-2018)
Key Considerations in API security (06-27-2018)
How to access secrets across AWS accounts by attaching resource (06-27-2018)
The supplied authentication is invalid (06-27-2018)
Auth Headers vs JWT vs Sessions How to Choose the Right Auth Technique for APIs (06-18-2018)
How to Integrate Salesforce as the Identity Provider of WSO2 API Manager for Single Sign (06-03-2018)
Authentication and authorization with AWS AppSync (06-01-2018)
Old OAuth plugin leaves a number of companies at risk (06-01-2018)
Identity as a Service (IDaaS) (05-30-2018)
Laravel 5.6 Custom Token Base API Authentication (05-26-2018)
Faster and more reliable auth: moving away from Authentication as a Service (AaaS) (05-25-2018)
Okta Offers Devs Free Tool to Set Up Multifactor Authentication (05-24-2018)
Risk is Reality: Our Take on the Recent Auth0 Vulnerability (05-23-2018)
Oktane18: Okta makes authentication API free for apps and websites (05-23-2018)
Okta introduces Sign in with Okta service (05-23-2018)
Remembering OpenID (05-08-2018)
Serverless Hello World in AWS (05-05-2018)
Auth Claims to Go (05-05-2018)
A crash course on securing Serverless APIs with JSON web tokens (05-03-2018)
Service Mesh, Service Discovery and API Gateways Express Gateway (05-03-2018)
Implementing JWT Authentication to your API Platform application (04-28-2018)
Demo: Apigee Edge OAuth2 Debugging (04-20-2018)
Getting Access Token for Microsoft Graph Using OAuth REST API, Part 3 (04-13-2018)
PSD2: What does it mean global banking industry? (04-13-2018)
Understanding the Amazon GameOn API Keys (04-13-2018)
Part 2: The Dark Side of APIs (04-13-2018)
Implement Secure Microservices With Spring Security and OAuth 2.0 (04-13-2018)
A Cognito Protected Serverless API with Golang in Minutes (04-12-2018)
Launching the FACEIT Developer Portal (04-12-2018)
Farsight Security Announces DNSDB API Key Portability Program (04-09-2018)
ASP.NET Core Two Factor Authentication Using Google Authenticator (04-03-2018)
Securing APIS with JSON Web Tokens and an API Gateway (03-26-2018)
A tour through Merkle Town, Cloudflare's Certificate Transparency dashboard (03-23-2018)
Implementing a Custom OAuth Policy in Mule (03-23-2018)
JSON Web Tokens (03-23-2018)
An Overview of Security Tokens (03-22-2018)
Data Security Basics: Authentication, Authorization, Encryption and Auditing (03-22-2018)
Single Sign (03-19-2018)
Use JWT (JWS) for authenticate (03-17-2018)
7 Ways to Know You've Aced Continuous Integration (03-12-2018)
GDPR Effect? (03-12-2018)
Introducing GCPs new interactive CLI (03-09-2018)
How your trading API keys can be used to drain your funds (03-09-2018)
Single Sign (03-09-2018)
Apigee Up Close: Protecting APIs with OWASP Best Practices (03-09-2018)
Using JWT for Sessions (03-09-2018)
3scale ActiveDocs and OAuth 2.0 (03-09-2018)
Conditional Access Control with Microsoft Azure Active Directory (03-08-2018)
Keep Your Account Safe: Two (03-08-2018)
REST API Security (03-08-2018)
Authentication with JWT in Rails API (03-08-2018)
Getting to know Cloud IAM (03-08-2018)
Announcing Gloo: The Function Gateway Medium (03-06-2018)
Vault Integration Using Kubernetes Authentication Method (03-06-2018)
From open source to sustainable success: the Kubernetes graduation story (03-06-2018)
3scale by Red Hat API and Identity Management Series (03-06-2018)
Secure access to 100 AWS accounts (03-06-2018)
Cache OAuth 2 in Spring With Redis (03-05-2018)
Amazon might introduce its own branded checking accounts (03-05-2018)
AWS Federated Authentication with Active Directory Federation Services (AD FS) (03-02-2018)
Fleet to Integrate Its Satcom Data with Reekoh's IOT Platform (03-02-2018)
Authentication and Content (03-02-2018)
Bing Entity Search API is now available (03-02-2018)
Open Auth Standards: Your Secret to Success With the PSD2 Initiative (03-02-2018)
Protocol OAuth2: lets play with Doorkeeper & Omniauth/OAuth2. (03-01-2018)
Using Cloudflare Workers to identify pwned passwords (02-26-2018)
Why Cloud APIs on GCP is Awesome by leveraging Apigee? (02-25-2018)
Buiding Microservices Using Spring Boot and Docker (02-24-2018)
JSON Web Tokens With Spring Cloud Microservices (02-23-2018)
Microservices Authentication and Authorization Using API Gateway (02-23-2018)
Apigee Up Close: Integrating with Identity Management Systems (02-23-2018)
Instagram authentication with Flutter (02-22-2018)
Secure Spring REST With Spring Security and OAuth2 (02-22-2018)
How to retrieve short (02-22-2018)
3Scale integration with ForgeRock using OpenID Connect (02-22-2018)
Stateless Authentication With JSON Web Tokens (02-21-2018)
Microsofts Building on the Blockchain to Manage Digital Identities (02-21-2018)
An OAuth2 Grant Selection Decision Tree for Securing REST APIs (02-20-2018)
3 Cryptocurrencies To Earn You Money While You Sleep Part 1 (02-19-2018)
How Prepared Are You for PSD2? (02-19-2018)
Authentication and authorization of Pipeline users with OAuth2 and Vault Banzai Cloud (02-18-2018)
An OAuth2 Grant Selection Decision Tree for Securing REST APIs (02-17-2018)
Sqreen wants to become the IFTTT of web app security (02-17-2018)
Security as a business priority (02-16-2018)
NTT DOCOMO Implements Authlete Solution for API Security (02-15-2018)
How to *securely* use SMS two (02-15-2018)
NTT Docomo deploys Authlete's web API access (02-15-2018)
How to enable SAML authentication in Kibana and Elasticsearch (02-14-2018)
How to Use Your Own Identity and Access Management Systems to Control Access to AWS IoT Resources (02-14-2018)
Trulioo Is An API Gateway To Digital Identity Verification (02-14-2018)
AWS Cognito User Pool Access Token Invalidation (02-13-2018)
Simple authentication service with AWS Lambda (02-08-2018)
REST Token based authentication (jwt) (02-07-2018)
Telegram Login Widget Official Telegram authentication for websites (02-07-2018)
Secure Your Vert.x Server With Single Sign (02-06-2018)
ISC Releases Security Advisories for DHCP, BIND (01-17-2018)
Opening banking data and APIs: Land of opportunity or Pandora's box? (01-16-2018)
PSD2: Strong Customer Authentication (01-14-2018)
Abusing Aadhaar authentication API services (01-11-2018)
VueJS Route Security and Authentication (01-04-2018)
The Argument for Risk (01-02-2018)
Serverless with AWS Cognito: Facebook login integration (01-01-2018)
How to use JWT with Salesforce API? (12-31-2017)
Tokens based authentication (12-31-2017)
Create REST API in Laravel with authentication using Passport (12-29-2017)
Why Every Business Needs Two (12-29-2017)
Authentication Provider Best Practices: Centralized Login (12-25-2017)
Azure Security Audits With Pester (12-22-2017)
grpc/grpc (12-22-2017)
Grpc authentication token (12-22-2017)
Twitter Expands 2FA Options to Third (12-21-2017)
Twitter now supports 2 (12-20-2017)
What is JSON and why is it important? (12-20-2017)
Twitter adds more verification options for two (12-20-2017)
Twitter adds support for app (12-20-2017)
TelegramRAT Scurries Around Defenses Via the Cloud (12-20-2017)
AWS Organizations Now Supports Self (12-19-2017)
US Government Pays $10,650 Bug Bounty in 'Hack the Air Force' Event (12-18-2017)
The Illustrated Guide to Google OAuth With Temboo (12-15-2017)
Why Your IAM's Definition Of User Could Be Costing You Millions (12-15-2017)
Using Gmail with OAUTH2 in Linux and on an ESP8266 (12-14-2017)
Security Planner (12-14-2017)
What is ETL (Extract, Transform, Load)? ETL Explained (12-13-2017)
Authentication Provider Best Practices: Centralized Login (12-12-2017)
Upcoming changes to AdWords OAuth Scope (12-11-2017)
The importance of OAuth 2.0 (12-10-2017)
Azure App Service Custom Authentication (12-09-2017)
Using Kong with Kubernetes (12-09-2017)
Kaspersky Lab: D.C. office no longer viable and will close (12-08-2017)
The Dangers of a 'Trust and Forget' Approach to Data Security (12-08-2017)
Introducing AWS Single Sign (12-07-2017)
AWS Serverless Application Model Template for Lambda Function proxied by API Gateway (12-07-2017)
Securing .NET Core 2.0 Applications with JWTs (12-07-2017)
OAuth whitelisting can now control access to GCP services and data (12-06-2017)
OWASP Top 10 2017: What your app sec team needs to know (12-06-2017)
How to Get Scopes Related with an Application Based on Subscribed APIs in WSO2 API Manager 2.1.0? (12-06-2017)
Enabling Two (12-05-2017)
Study: Simulated Attacks Uncover Real (12-05-2017)
Kong meets Auth0 Scaleout Ninja (12-05-2017)
How to Improve OAuth Security With HMAC Validation (12-05-2017)
Pricing (12-04-2017)
Understanding WSO2 API Manager Deployment Patterns (12-04-2017)
Credential Management API (12-01-2017)
Web Authentication: What It Is and What It Means for Passwords (12-01-2017)
OAuth with PHP, Part One: getting access tokens. (11-30-2017)
Introducing 0x Connect (11-29-2017)
Facebook uses selfies as login authentication for suspicious activity (11-29-2017)
Build a Secure SPA With Spring Boot and OAuth (11-27-2017)
Single Sign On: Feature or Threat? (11-27-2017)
Going Serverless with AWS Serverless User Authentication Part 3 (11-26-2017)
Building Your First Crystal Web App and Authenticating With JWTs, Part 2 (11-23-2017)
OAuth2 Configuration in 3Scale API Management (and APICast) with Red Hat SSO (11-22-2017)
2FA Two Factor Antiquated (11-22-2017)
Rate Limiting Serverless Apps Two Patterns (11-21-2017)
How APIs Can Inspire The Complete Reinvention of an Old Business (11-17-2017)
Applications for Tarantool, Part 2: OAuth 2 Authorization via Facebook (11-17-2017)
Webpack Set API Keys Depending On Environment (11-16-2017)
B2B Authentication Solution for APIs using AWS Cognito UserPools (11-16-2017)
Secure Your Node.js Website With OpenID Connect (11-15-2017)
Who Am I? Best Practices for Next (11-15-2017)
Twitter launches new paid API plans and makes it easier for devs to check their usage (11-14-2017)
Why Cant I Just Send JWTs Without OAuth? (11-14-2017)
Securing Golang API using Json Web Token (JWT) (11-13-2017)
Secure your Spring Boot API with JSON Web Tokens (11-12-2017)
Less Than One (11-07-2017)
State of the Auth: Experiences and Perceptions of Multi (11-07-2017)
How we develop APInf Platform REST APIs openly (11-07-2017)
Implementing Authenticated Identity with Trusted Key and Auth0 (11-06-2017)
Postman makes authorization stronger and easier (11-03-2017)
Generate beautiful Swagger API documentation from Insomnia (11-03-2017)
The Developer (11-01-2017)
How to Keep Your API Keys Safe (11-01-2017)
Authentication Using JSON Web Tokens (11-01-2017)
How do you authenticate, mate? (10-31-2017)
Docker Authentication with Keycloak (10-31-2017)
Vessel is a Lightweight Docker Environment for Laravel (10-30-2017)
Introducing the 0x Standard Relayer API (10-26-2017)
3scale API Management Simplifies OpenID Connect Integration (10-26-2017)
API Keys versus OAuth (10-25-2017)
How to securely store API keys (10-25-2017)
How to Rate (10-25-2017)
Daptin walk through: oauth2, google drive, subsites and grapejs (10-24-2017)
Leave legacy authentication behind and rebuild trust (10-24-2017)
Adding OAuth2 to Mobile Android and iOS Clients Using the AppAuth SDK (10-24-2017)
Building a simple token based Authorization API with Rails. (10-23-2017)
Should You Make Your Users Log In? (10-23-2017)
New Architecture of OAuth 2.0 and OpenID Connect Implementation (10-22-2017)
OAuth 2.0 Best Practices for Native Apps (10-19-2017)
OpenID Connect Identity Brokering with Red Hat Single Sign (10-18-2017)
Facebook Authorization in a React App (10-16-2017)
The Return of Authorization (10-16-2017)
Secure Spring Boot REST API using Basic Authentication (10-13-2017)
JSON web token based authentication in Django (10-13-2017)
Email Authentication 101 (10-13-2017)
Consolidating Multiple Identity Sources with Auth0 (10-12-2017)
The Beer Drinkers Guide to SAML (10-12-2017)
Google Token Authentication with Laravel (10-11-2017)
Using Cloud Functions for a Managed REST API with API Key Access (10-09-2017)
Build Personalized Marketing With Identity Management (10-09-2017)
Enhancing Productivity With Identity and Access Management (10-06-2017)
Postman survey shows that API documentation needs improvement (10-05-2017)
Integrating GitHub and GitLab with Scripts (10-04-2017)
White House wants to end Social Security numbers as a national ID (10-03-2017)
Google Upgrades Cloud Access Controls (10-03-2017)
Introducing custom roles, a powerful way to make Cloud IAM policies more precise (10-03-2017)
Deploying any React app on Heroku (10-03-2017)
The Top 20 AWS IAM Documentation Pages so Far in 2017 (10-02-2017)
SAP to Acquire Gigya: What's Next for Identity Management? (10-02-2017)
Google plans to upgrade two (09-29-2017)
Amazon Cognito User Pools Now Integrates with Amazon Pinpoint to Add Analytics for User Pools (09-27-2017)
How to load test a realtime multiplayer mobile game with AWS Lambda and Akka (09-25-2017)
Announcing general availability of the new App Service Premium Plan (09-25-2017)
EnvKey Protect api keys and credentials. Keep config in sync. (09-25-2017)
How to Do GitHub API Authentication Using OAuth 2.0 (09-24-2017)
DreamFactory 2.9 adds AD SSO, GitHub, and GitLab (09-24-2017)
You can now use two (09-23-2017)
Add Authentication and Billing to Your API on AWS [Tutorial] (09-22-2017)
Run collections with file uploads using Newman (09-21-2017)
Securing Microservices: The API gateway, authentication and authorization (09-20-2017)
Okta Wants to Be an Identity Service for Developers (09-20-2017)
Secure (and usable) multi (09-19-2017)
Amazon Web Services will now charge by the second, its biggest pricing change in years (09-18-2017)
This is why you shouldnt use texts for two (09-18-2017)
How To Submit Your Security Tokens to an API Provider, Pt. 2 (09-16-2017)
How To Submit Security Tokens to an API Provider, Pt. 2 (09-15-2017)
AWS IAM Policy Summaries Now Help You Identify Errors and Correct Permissions in Your IAM Policies (09-15-2017)
Building Account Systems (09-15-2017)
Industry Seeks Tough Enforcement Of API Performance (09-15-2017)
Instagram API Authentication using Swift (09-14-2017)
Add Authentication and Billing for Your API on Heroku [Tutorial] (09-13-2017)
Adding FullContact to your Auth Process For Profile Enhancement (09-13-2017)
Why You Need to Give Away Your API for Free (09-12-2017)
Authentication as a Service, an honest review of Auth0 (09-11-2017)
Please stop calling SMS codes two (09-10-2017)
Now Create and Manage AWS IAM Roles More Easily with the Updated IAM Console (09-08-2017)
Research delivers insight into the API management market (09-08-2017)
How To Submit Security Tokens to an API Provider, Pt. 1 (09-08-2017)
Cloud Auth (09-08-2017)
Why You Should Not Manage Your Users' Identities (09-06-2017)
The Total Economic Impact of An API Management Solution (09-04-2017)
USER MANAGED ACCESS 2.0 (09-03-2017)
Cloud Identity (09-01-2017)
You shouldn't use your phone number for 2 (09-01-2017)
Session Hijacking Bug Exposed GitLab Users Private Tokens (08-31-2017)
ETL data from 60+ sources into Snowflake with Stitch (08-31-2017)
Solving the Identity Crisis with Username Aliases (08-31-2017)
Okta API strategy aims to bridge gap between customer experience and security (08-29-2017)
Authentication of DocFinder using Auth APIs (08-29-2017)
Okta Launches APIs and New Developer Edition to Power Identity for Every App (08-29-2017)
Authentication of DocFinder using Auth APIs (08-29-2017)
Now Available: Improvements to How You Sign In to Your AWS Account (08-25-2017)
Launch Amazon Cognito User Pools General Availability: App Integration and Federation (08-25-2017) (08-24-2017)
GitHub (08-24-2017)
Using JSON Web Tokens with CUWebAuth (08-21-2017)
Restful Renders (08-21-2017)
Secure web services using JWT and Slim Framework (08-18-2017)
Develop and Deliver an API (08-18-2017)
Context Aware Encoding (beta) (08-17-2017)
Open States API Keys (08-17-2017)
Integrating PicketLink with OKTA for SAML based SSO (08-17-2017)
The state of authentication: Is a passwords replacement imminent? (08-16-2017)
SSO is Easy with DB Systel and AWS (08-15-2017)
Tutorial 5: How to Build a Laravel 5.4 JWT Authentication API with E (08-14-2017)
How to Hide API Keys When Building Web Apps On CodePen (08-14-2017)
API Protection Requires Both User and App Authentication (08-14-2017)
AWS CloudHSM Update Cost Effective Hardware Key Management at Cloud Scale for Sensitive & Regulated Workloads (08-14-2017)
The Guy Who Made Up All Those Password Rules Is Sorry (08-12-2017)
Overview: OAuth API v4 (08-10-2017)
Integrating Audience with Single Sign (08-10-2017)
Implementing JWT Authentication on Spring Boot APIs (08-10-2017)
Introducing mobile prompts for two (08-10-2017)
Implementing JWT Authentication on Spring Boot APIs (08-10-2017)
Ionic Framework: Getting Started (08-08-2017)
Create a Drupal Site and Add Authentication with Auth0 (08-02-2017)
Tutorial 4: How to Build a Laravel 5.4 JWT (08-01-2017)
Login With Facebook In Laravel 5.4 (07-31-2017)
Citizen sensing, air pollution and fracking: From caring about your air to speculative practices of evidencing harm (07-30-2017)
Auth API Calls (07-29-2017)
Login with Amazon Integrations: Amazon Cognito (07-28-2017)
Authenticating Studio Users using Single Sign (07-27-2017)
What is Modern Two (07-27-2017)
Callsign pulls in $35M Series A for its adaptive authentication platform (07-27-2017)
Authenticating Android Apps Developed in Kotlin (07-27-2017)
Logitech Circle 2 is a great surveillance system, but for a price (07-26-2017)
Memahami OAuth 2.0 (API Security) (07-25-2017)
Don't Pass on the New NIST Password Guidelines (07-25-2017)
New Twilio APIs Can Help Developers with Authentication, Session Management, Data Synchronization (07-25-2017)
Filestack Web SDK V3 0.7 Updates (07-24-2017)
Wisconsin company offers staff implants for keys and passwords (07-24-2017)
Use Google KMS to control encryption keys in the cloud (07-24-2017)
Securing API Keys inside Android Apps using Android NDK (07-24-2017)
How to Use AWS Organizations to Automate End (07-24-2017)
APIMatic: The first ever SDK generator to support OAuth 2.0 (07-23-2017)
AMD Relies on Auth0 For Seamless Authentication of Enterprise Portal (07-21-2017)
RISE & Shine: 5 reasons why RISE conference works for companies like Tyk (07-21-2017)
Help keep your Google Cloud service account keys safe (07-19-2017)
Angular 4 Third Party APIs (07-19-2017)
Google adds security features to help block unverified apps (07-18-2017)
Identification (07-18-2017)
Google will nudge SMS two (07-14-2017)
Leaky Images in OAuth (07-14-2017)
Introducing Token Exchange for Box Platform (07-13-2017)
2FA FTW? Two (07-13-2017)
OpenID Connect Logout (07-12-2017)
Google OAuth Developer Reviews Explained (07-12-2017)
How to Configure Even Stronger Password Policies to Help Meet Your Security Standards by Using AWS Directory Service for Microsoft Active Directory (07-12-2017)
Add the Power of Voice to a Multi (07-11-2017)
Siri usage and engagement dropped since last year, as Alexa and Cortana grew (07-11-2017)
Knock JWT Auth for Rails API + Create React App (07-10-2017)
Two (07-10-2017)
Iris Recognition for Two Factor Authentication with Ruby on Rails (07-10-2017)
Sails Backend for Angular2+ Auth (07-09-2017)
Getting Token Authentication Right in a Stateless Single Page Application (07-07-2017)
Customizing a user signup workflow in WSO2 API Manager (07-05-2017)
The Blockchain Fuels StartupsUnlike Any You've Ever Seen (07-01-2017)
Datical Aims to Bring DevOps Speeds to the Database (06-29-2017)
Identity now available in SQL Data Warehouse (06-28-2017)
Pinterest enables two (06-27-2017)
SCIM System for Cross (06-27-2017)
Enterprise identity made easy in Google Cloud Platform with Cloud Identity (06-27-2017)
Pinterest begins rolling out two (06-27-2017)
Cloud Identity Leader Auth0 Adds $30 Million Series C (06-27-2017)
NIST Releases New Digital Identity Guidelines (06-26-2017)
How do I generate a TrackingMore API key (06-24-2017)
Parallelizing Large Simulations with Apache SparkR on Databricks (06-23-2017)
Yelp Dataset Challenge Round 8 Winner (06-22-2017)
Securing Application Secrets with EC2 Parameter Store (06-22-2017)
How hackers can steal your 2FA email account by getting you to sign up for another website (06-22-2017)
OAuth 2.0 Threat Landscapes (06-22-2017)
CA Technologies Adds New Capabilities to Its API Management Portfolio (06-21-2017)
BBVA becomes the latest incumbent to join the digital ID race (06-21-2017)
AWS Marketplace Update SaaS Contracts in Action (06-20-2017)
Load Testing using CircleCI and k6 (06-19-2017)
Identity Propagation in an API Gateway Architecture (06-17-2017)
Hasura Auth API + Postman collection (06-17-2017)
Hasura Auth API (06-16-2017)
Twitter's 2 (06-16-2017)
Copying Runscope Environments using the Runscope API (06-16-2017)
How OneLogin Was Compromised and the Lessons for the Rest of Us (06-16-2017)
Nearly 3 million FCC commenters' email addresses 'unintentionally' exposed through API (06-16-2017)
Auth0 is now part of UK's official Digital Marketplace G (06-16-2017)
Authentication for Great Apps (06-14-2017)
New houses will have Alexa and Wi (06-14-2017)
Revoking JWTs (06-14-2017)
Test your APIs with Insomnia REST client (06-14-2017)
Hands (06-13-2017)
IBM Launches Identity Service (06-13-2017)
Turn CSV files into REST APIs with DreamFactory's Data Importer (06-13-2017)
Identity Propagation in an API Gateway Architecture (06-13-2017)
Grammar of the IAM Policy Language (06-12-2017)
Bancor Network A solution for creating ever (06-12-2017)
Why You Should Use Access Tokens to Secure an API (06-11-2017)
Taking advantage of Mailchimp web hooks (06-08-2017)
Build with BitScoop: Social Login (06-07-2017)
The leaked NSA report shows 2 (06-06-2017)
The Virtual Hackathon and an Experimental API by (06-06-2017)
Myki Authenticator Login to any account on any device with your fingerprint (06-05-2017)
Facebook now lets you find and contact your government reps right from your posts (06-05-2017)
SecureLogin Authentication Protocol 1.0, GDB 8.0, Boundless Suite 4.0, Audioburst (06-05-2017)
Jetpack Services for Clef Users Jetpack for WordPress (06-02-2017)
API Updates: Authentication, Add Buckets and More (06-01-2017)
OneLogin suffers breachcustomer data said to be exposed, decrypted (06-01-2017)
OneLogin: Breach Exposed Ability to Decrypt Data (06-01-2017)
Force Expiring of JWTs with Refresh Tokens (06-01-2017)
Open, private and secure by default: US Census Bureau to switch API from HTTP to HTTPS (05-31-2017)
SMS Passwordless Authentication (05-31-2017)
How this teen's life changed after deleting all social media (05-30-2017)
API Basics (05-29-2017)
The Firewall of the Future Is Identity (05-29-2017)
Twitter Kit 3 Brings Improved Sharing, Authorization to App Developers (05-26-2017)
Go Beyond Username/Password with Modern Authentication (05-26-2017)
New Features for IAM Policy Summaries Resource Summaries (05-25-2017)
Maintaining API authentication using Axios (05-25-2017)
Identity and Access Considerations for Public & Private Clouds (05-25-2017)
Firebase Phone Auth (05-25-2017)
Stripe Connect The payments platform for platforms (05-25-2017)
An Introduction to Ethereum and Smart Contracts: an Authentication Solution (05-23-2017)
Authentiq Strong authentication, without the passwords (05-23-2017)
Introducing DreamFactory's OpenID Connect Service (05-22-2017)
Authentiq Strong and secure authentication without the passwords. (05-20-2017)
Streaming APIs (05-19-2017)
Using Squares REST APIs to Build a Sandbox Dashboard Part 1: Authentication & Locations. (05-18-2017)
One Standard to Rule Them All: A Common Language for the Clouds Identity Management Crisis (05-18-2017)
Get Realtime Authentication Events with Auth0 and Pusher (05-18-2017)
New in the Congress API: Congressional Statements and More (05-17-2017)
Two (05-17-2017)
Now Available: Use Resource (05-16-2017)
Introducing Auth0 Extend: The new way to extend your SaaS (05-16-2017)
Google will review web apps that want access to its users' data (05-13-2017)
Google Blocks OAuth Requests Made Via Embedded Browsers (05-12-2017)
What Is the Difference Between Site Login and HTTP Authentication? (05-12-2017)
SSA Plans Stronger Website Authentication (05-11-2017)
Updating developer identity guidelines and registration processes to protect users (05-11-2017)
SSA.GOV To Require Stronger Authentication (05-10-2017)
Bluetooth Chooses Auth0 to Implement Standards Based Authentication (05-10-2017)
Authorization and Authentication With RBAC (Part 2) (05-10-2017)
Managing Secrets on OpenShift Vault Integration (05-09-2017)
Things to Use Instead of JWT (05-08-2017)
Token Migration Plan Pt.2 (05-08-2017)
Down the SAML Code (05-03-2017)
User Management Request for Information (RFI) (04-27-2017)
Microsoft App Aims to Delete the Password (04-26-2017)
Tweet: Getting Started with the @Okta API and OpenID Connect (04-25-2017)
Russian hackers use OAuth, fake Google apps to phish users (04-25-2017)
Simple OAuth2 Authorization Server with Identity Server and .NET Core (04-22-2017)
Getting started with Cloud Identity-Aware Proxy (04-21-2017)
Microsoft is killing off passwords (MSFT) (04-19-2017)
Token Migration Plan Pt.1 (04-19-2017)
Firebase- Authentication Using AngularJS (04-18-2017)
Microsoft kills the password with phone-based log-in (04-18-2017)
Announcing the Postman Enterprise Beta, with Single Sign-On (SSO) (04-13-2017)
Ship your Auth0 logs to Azure Log Analytics (04-13-2017)
Social Login On The Rise: How Secure Is It? (04-12-2017)
JSON Web Token (JWT) Signing Algorithms Overview (04-11-2017)
Tweet: Extending #OAuth2 and @openid Connect as the enterprise standard for #API security @GetLevvel (04-07-2017)
Authentication (04-06-2017)
When to Build and When to Buy (04-06-2017)
Brute Forcing HS256 Is Possible: The Importance of Using Strong Keys in Signing JWTs (04-05-2017)
Updates to end user consent for 3rd-party apps and Single Sign-on providers (04-03-2017)
How To Get A 360 View of Your Customer By Managing Identity (03-24-2017)
How to set up two-factor authentication for your Apple ID and iCloud account (03-24-2017)
Instagram adds two-factor authentication, censors photos that are deemed offensive or disturbing (03-23-2017)
Instagram Has Two-Factor Authentication Now, So Turn It On (03-23-2017)
Why OAuth 2.0 Is Vital to IoT Security (03-23-2017)
Analyzing Identity in Movies (03-17-2017)
Facebook OAuth Login & Register with PHP (PHP Scripts) (03-17-2017)
REST API can we get rid of Basic Auth? (03-11-2017)
Announcing support for IAM users with MFA in the AWS SDK for #golang! (03-10-2017)
Tweet: Amazon Cognito is now available in our EU (London) region! (03-10-2017)
Protecting images and videos via cookie-based authentication (03-08-2017)
Tool to generate the amadmin password hash in OpenAM (03-08-2017)
Discontinuing Support for Clef Two Factor Authenticity (03-06-2017)
Stormpath Joins Forces With Okta - Stormpath User Identity API (03-06-2017)
Stormpath Joins Forces With Okta (03-06-2017)
Okta scoops up Stormpath team to ramp up identity platform for developers (03-06-2017)
Tweet: DreamFactory's SAML 2.0 Service by @dfsoftwareinc (03-03-2017)
Tweet: DreamFactory's SAML 2.0 Service by @dfsoftwareinc (03-03-2017)
Authentication-as-a-Service: Auth0 vs. Backand (03-02-2017)
GitHub Adds To Online Service Capabilities In A Bid For Business Developers (03-02-2017)
What Does WSO2 Identity Cloud Bring To The Table? (03-02-2017)
Tweet: just got better for businesses with SAML SSO, automated access provisioning, and more! (03-01-2017)
API Keys vs OAuth Tokens vs JSON Web Tokens (03-01-2017)
How to implement OpenID Connect authentication in a Django app using oxd and the Gluu Server (03-01-2017)
Tweet: Securing Apigee Edge with an external #SAML-based identity provider @pbhogill (02-28-2017)
OpenID Connect Certification (02-28-2017)
AWS Organizations Policy-Based Management for Multiple AWS Accounts (02-27-2017)
Houghton Mifflin Harcourt Chooses Auth0 to Consolidate Identity (02-27-2017)
SHA1 Is No Longer Recommended, But Hardly a Failure (02-27-2017)
Bringing U2F to the Masses (02-24-2017)
Tweet: No 1Password data was put at risk through the bug reported earlier today. (02-23-2017)
Auth0 is OpenID Connect Certified (02-23-2017)
Ionic 2 With Firebase: Signing in OAuth 2 (02-23-2017)
Updates to DigitalOcean Two-factor Authentication (02-23-2017)
Email Verification in Firebase Auth (02-21-2017)
Multi-Factor Authentication and Identity Management (02-18-2017)
How to Bootstrap an OAuth2 Authorization Server With UAA (02-17-2017)
Introducing Auth0 Hooks (02-17-2017)
You can now use Google Authenticator and any TOTP app for Two-Factor Authentication (02-16-2017)
Building a Serverless Application with Stormpath Authentication (02-15-2017)
Verifying Constituency: A Sovrin Use Case (02-13-2017)
WhatsApp Rolling Out 2-Step Verification (02-11-2017)
Authentication-as-a-Service: Auth0 vs. Backand (02-09-2017)
WhatsApp switches on two-factor verification for 1.2 billion users (02-09-2017)
Is Multifactor Authentication The Best Way To Secure Your Accounts? Myths And Reality (02-08-2017)
Steps to Building Authentication and Authorization for RESTful APIs (02-07-2017)
GitHub adds new two-factor lockout recovery features (02-06-2017)
Auth flows with Firebase UI on the Web (02-03-2017)
NIST Seeks Input On Trusted Identities Guidance (02-02-2017)
DreamFactory 2.4.2 adds logging, SAML, and Azure AD (01-31-2017)
Feature announcement: two-factor authentication (01-31-2017)
Facebooks new tool looks to replace traditional two-factor authentication (01-30-2017)
Mozilla Replaces Persona with Auth0 for Identity and Access Management (IAM) (01-30-2017)
Building and Securing Koa and Angular 2 with JWT (01-19-2017)
The Problem with Secure User Authentication in WordPress (01-19-2017)
How Intuit Uses OpenID 2.0 to Implement Single Sign On (01-18-2017)
How to create an application in Kotlin and secure it using JSON Web Tokens (JWTs) (01-18-2017)
End-user authentication options on Context.IO (01-13-2017)
Authorization vs. Authentication - What's the Difference? (01-12-2017)
Building An Instagram Clone With GraphQL and Auth0 (01-12-2017)
Introducing Zuuljs: Conditional Access Manager for Your IoT (01-12-2017)
Cloud Key Management Service (01-11-2017)
Google Cloud Platform launches Key Management Service in beta (01-11-2017)
Googles Cloud Platform gets a new key management service (01-11-2017)
Tweet: Token Authentication for Cached Private Content and APIs: (01-10-2017)
Token Authentication for Cached Private Content and APIs (01-10-2017)
Tweet: RT @mogui247: A Kong plugin, that let you use an external Oauth 2.0 provider to protect your API #opensource @masha… (01-03-2017)
How to Load Test SAML SSO Secured Websites with JMeter (12-26-2016)
Using Authy Two-Factor Authentication in Node.js and AngularJS (12-16-2016)
How to Enable Two-Factor Authentication on Twitter (12-15-2016)
JWT is not an authentication protocol (12-15-2016)
Working with LoopBack Authentication and Authorization (12-15-2016)
Google adds single-sign-on features in latest Android Wear 2.0 preview (12-13-2016)
How To Enable Two-Factor Authentication on and Microsoft (12-13-2016)
Signing into One Billion Mobile App Accounts Effortlessly with OAuth2.0 (11-12-2016)
Securing JSPs with Spring Security and Stormpath (11-10-2016)
OAuth 2.0 Vulnerability Leads to Account Takeover (11-08-2016)
API Best Practices: Authentication (10-31-2016)
An Introduction to AWS IAM (10-20-2016)
Two-Factor Authentication: Who Has It and How to Set It Up (10-19-2016)
User Authentication in Java 8 (10-19-2016)
Build together with App Collaborators (10-18-2016)
Demystifying OAuth2 in DFP (10-18-2016)
Storing JSON objects in LDAP attributes? (10-18-2016)
Protect Bearer Tokens Using Proof of Possession (10-12-2016)
Planet-scale authentication with Auth0 and Azure DocumentDB (10-11-2016)
Query Strings and URL Fragments in Login with Amazon Responses (10-11-2016)
JSON Web Tokens are made for Microservices (10-10-2016)
Easier OAuth setup with new OAuth libraries (10-10-2016)
Tweet: We've added support for Intercom to four OAuth libraries to make it easier to get setup – (10-10-2016)
Limiting OpenID Connect Community Client Support (10-06-2016)
Quantum Tokens for Digital Signatures (10-06-2016)
Enterprise Grade Authentication and Access Control on IoT (Part 2) (10-03-2016)
Announcing: Multi-Factor Authentication in Stormpath! - Stormpath User Identity API (09-30-2016)
Lock Up Your Raspberry Pi with Google Authenticator (09-30-2016)
Using API Gateways and JWTs for Identity Management in Microservice Based APIs (09-29-2016)
Angular 2 Authentication Tutorial (09-29-2016)
Announcing the Sovrin Foundation (09-29-2016)
Enhanced third-party access protection for Google Sheets (09-29-2016)
Increased account security via OAuth 2.0 token revocation (09-29-2016)
Saying goodbye to OAuth 1.0 (2LO) (09-29-2016)
Setting Expectations for Accessing User Data via OAuth (09-29-2016)
Announcing Auth0's Identity Glossary (09-28-2016)
BeyondTrust Announces Password Management API (09-27-2016)
Identity Management in Spring Boot with Twilio and Stormpath in 15 Minutes (09-27-2016)
Mobile Fraud Changes Outlook for Multifactor Authentication (09-27-2016)
Google embraces the log-in, leaving cookies behind in new advertising updates (09-26-2016)
Apache Shiro Stormpath Integration 0.7.1 Released (09-22-2016)
Increased account security via OAuth 2.0 token revocation (09-21-2016)
Moving from LDAP to SAML authentication (09-21-2016)
Two-step authentication has arrived on iOS (09-19-2016)
Setting Expectations for Accessing User Data via OAuth (09-17-2016)
Tweet: A personal hackathon with the goal of demystifying #OAuth2 in a fun way! The result : OZorkAuth (09-15-2016)
Intuit OAuth Server Maintenance on September 21st, 2016 ? Some Action Required (09-14-2016)
Analyzing Passwordless Connections Data: What can we learn? (09-09-2016)
Tweet: Intro to @QuickBooks Online REST #API with #OAuth1.0 by @manasmukh #developer (09-08-2016)
Use NGINX Plus and Auth0 to Authenticate API Clients (09-08-2016)
Authenticating Users to Existing Applications with OpenIDConnect and NGINXPlus (09-07-2016)
Spring Security OAuth2 ? Client Authentication Issue (09-05-2016)
OAuth: Get Client Credentials Using Postman (09-02-2016)
About license keys (08-31-2016)
Stateless Sessions for Stateful Minds: JWTs Explained and How You Can Make The Switch (08-31-2016)
Google partners with Okta to enable secure multi-cloud deployments (08-30-2016)
Google partners with Okta to enable secure multi-cloud deployments (08-30-2016)
Okta's API access product targets the trend toward services (08-30-2016)
Login with Facebook ( In 20 lines of PHP code ) (08-28-2016)
Announcing Auth0 Guardian, Multifactor Made Easy (08-25-2016)
Here?s Exactly Why SMS Two-Factor Is Not Enough (08-25-2016)
PlayStation Network Gets Two-Factor Authentication (08-25-2016)
Authentication startup Auth0 raises $15M as it beefs up security features (08-24-2016)
Announcing Password Breach Detection for Auth0 (08-24-2016)
2-Step Verification is here! (08-22-2016)
Complete AWS IAM Reference (08-18-2016)
Using HBase to Create an Enterprise Key Service (08-18-2016)
Rackspace Cloud Identity Api 2.0 (08-17-2016)
Enhanced third-party access protection for Google Sheets (08-11-2016)
New ? Bring Your Own Keys with AWS Key Management Service (08-11-2016)
New! Import Your Own Keys into AWS Key Management Service (08-11-2016)
New feature: Assign rights by service (08-09-2016)
API Gateway Custom Authorization With Lambda, DynamoDB, and CloudFormation (08-09-2016)
Cookie Authentication and Session Management (08-09-2016)
OAuth 2.0 Token Management With Stormpath and Spring Boot (08-07-2016)
Google is trying to stop you having to put in passwords (08-06-2016)
Dashlane and Google Intro Open YOLO API for Secure Android Logins (08-05-2016)
Dashlane and Google team up for 'OpenYOLO' security project (08-04-2016)
Dashlane, Google launch ?OpenYOLO?, an API-based password project for Android apps (08-04-2016)
Google partners with Dashlane for an open-source login API (08-04-2016)
Dashlane Teases Open API for App Logins (08-04-2016)
JSON Web Tokens(JWTs) vs Sessions in Practice (08-04-2016)
NIST is No Longer Recommending Two-Factor Authentication Using SMS (08-03-2016)
Analyzing Enterprise Connections Data: What can we learn? (08-02-2016)
My Mommy Identity (08-02-2016)
Tweet: Social Security Administration now requires 2-factor SMS auth. Still easy to sign up as someone else though (08-01-2016)
One password reset to rule them all! (07-26-2016)
Is your app ready for token revoke? (07-25-2016)
New AWS Compute Blog Post: Help Secure Container-Enabled Applications with IAM Roles for ECS Tasks (07-20-2016)
Announcing the Auth0 Partners Program (07-18-2016)
Enable Client-Side SSL Authentication of an API with the API Gateway Console (07-16-2016)
Two Factor Auth (2FA) ? List of websites and whether or not they support 2FA (07-12-2016)
Presentation: Two-factor Authentication (07-12-2016)
? Switching to Apple?s two-factor authentication (07-06-2016)
Screencast: Test OAuth2 Secured API with DHC (07-06-2016)
2-Factor Authentication Creates Trust, Security, and Competitive Advantage (07-01-2016)
Using the New Auth Component for Angular 2 With DreamFactory (06-24-2016)
Avoiding Password Reuse Attacks With Auth0 (06-23-2016)
Introducing Firebase Authentication (06-23-2016)
Creating your first Laravel app and adding authentication (06-22-2016)
Support for Universal 2nd Factor Authentication (06-22-2016)
Using the new auth component for Angular 2 (06-21-2016)
JSON Web Tokens With Spring Cloud Microservices (06-20-2016)
Adding Authentication to Your React Native App Using Json Web Tokens (06-19-2016)
Everything you need to know about 3-legged authentication and Context.IO (06-10-2016)
Firebase Authentication With the Firebase 3.0 SDK and Auth0 Integration (06-10-2016)
Slicker user authentication with Twitter Kit 2.2 (06-08-2016)
Sharing Authentication Between and a PHP Frontend (Using JSON Web Tokens) (06-07-2016)
Visualize and Search Your Auth0 Logs Using Sumo Logic (06-07-2016)
Adding Authentication to a Native Desktop C# App with JWTs (06-06-2016)
Integrate Tyk with Auth0 (05-17-2016)
User-based Authentication with Loopback (05-17-2016)
Why Federated Identity Management Matters (05-17-2016)
OAuth2 Scope Sunset for DFP API (05-12-2016)
Using the Auth0 Postman Collections (05-12-2016)
Investing, Authentication, and a Few Bots Take the Stage at Finovate (05-11-2016)
Token Authentication: The Secret to Scalable User Management (05-11-2016)
Providing A Set Of API Keys For Developers To Test Out Different API Outcomes (05-10-2016)
?Sign-In with Slack? challenges Facebook, Twitter and Google for log-ins (05-10-2016)
Heroku Connect APIs Now GA (05-10-2016)
How to use API Connect to Manage LoopBack APIs (05-10-2016)
Introducing Improved User Search Functionality in the IAM Console (05-10-2016)
Introducing Sign in with Slack (05-10-2016)
Sign in with Slack ? Let users login to your site with Slack (05-10-2016)
Slack intros 'Sign in with Slack' to streamline app logins (05-10-2016)
Twilio Provides Test API Credentials With Magic Phone Numbers (05-09-2016)
How To Use Auth0 To Manage Your Multi-Tenancy Application (05-08-2016)
Introducing TAuth: Why OAuth 2.0 is bad for banking APIs and how we're fixing it (05-05-2016)
Connecting Slack and Salesforce (05-05-2016)
3scale Adds Stormpath Integration to Its Industry Leading API Platform (05-03-2016)
New Stormpath Integration Simplifies Adoption Of OAuth Authentication Flow (05-03-2016)
HapiJS Authentication ? Secure Your API With JWT (04-29-2016)
Slack tokens: what they are, how they?re used, and how to keep your data safe (04-29-2016)
Developer-Friendly SAML Single Sign On Support (04-28-2016)
OpenID Connect Support in Tyk Cloud is Here! (04-28-2016)
Integrating Tyk Open Source API Gateway with a Custom Identity Provider using JSON Web Tokens (04-27-2016)
Lumen And Stormpath As Your Mobile Backend (04-27-2016)
Getting Started with the Heroku Connect API (04-25-2016)
Spring OAuth2 With JWT Sample (04-25-2016)
Saying goodbye to OAuth 1.0 (04-22-2016)
Everything You Wanted to Know About OAuth 2 (But Were too Afraid to Ask) (04-20-2016)
Intermediate Delivery Reports - Make the most of 2-Factor Authentication (04-19-2016)
New ? Your User Pools for Amazon Cognito (04-19-2016)
Authentication in Golang with JWTs (04-13-2016)
Facebook launches Account Kit, a tool that lets you sign in to apps without passwords (04-12-2016)
Announcing Clearbit Connect (04-07-2016)
Integrate Auth0 Into Your Existing SaaS Tools (04-07-2016)
Token Based Authentication using Postman as Client and Web API 2 as Server (04-05-2016)
Identity and access management: Where security and operations meet (04-04-2016)
Announcing General Availability of Box KeySafe with AWS KMS (03-29-2016)
How to Detect and Automatically Revoke Unintended IAM Access with Amazon CloudWatch Events (03-29-2016)
IAM best practice guides available now (03-29-2016)
JSON Web Token in Action With JAX-RS (03-29-2016)
Social logins: What?s really at risk? (03-29-2016)
Social Login: Facebook & Google in One API Call - Stormpath User Identity API (03-28-2016)
Four Key API Management Use Cases for the Enterprise (03-28-2016)
How to Easily Identify Your Federated Users by Using AWS CloudTrail (03-28-2016)
Google Cloud Platform now offers identity and access management roles for users (03-23-2016)
One time Authentication for Public Resource (03-22-2016)
Tutorial: Build an Android Application with Secure User Authentication (03-22-2016)
Test your OAuth2 secured API using DHC (03-21-2016)
Easy Guide on how to use OAuth to Access Google APIs (03-11-2016)
Introducing Auth0 for Postman Collections (03-09-2016)
HapiJS Authentication - Secure Your API With JWT (03-07-2016)
Introducing developer API tokens (03-04-2016)
Never type the same API token twice (03-01-2016)
Extra Security with Two-factor Authentication! (02-29-2016)
A Stateless OAuth 20 Proxy for Single Page Applications (SPAs) (02-27-2016)
MasterCard unveils 'selfie' security checks, says heartbeat authentication could follow (02-23-2016)
The ultimate guide to device authentication (02-17-2016)
New AWS Partner Network Blog Post: Securely Accessing Customers' AWS Accounts with Cross-Account IAM Roles (02-17-2016)
Instagram Finally Adds Two-Factor Authentication To Fight Hackers (02-16-2016)
How to Implement Basic Search with Google Maps API (02-12-2016)
SAML SSO with GoodData (02-12-2016)
Securing Identities: Two-Factor Authentication in the Hacking Age (02-09-2016)
Fitbit OAuth Update (02-05-2016)
SAML Single Sign-on With Tomcat and PicketLink (02-02-2016)
Getting Started with SAML in PHP Applications - Stormpath User Identity API (02-01-2016)
SSO for Heroku Now Generally Available (01-26-2016)
Using Google Sign-in With Your Server (01-26-2016)
OAuth with JSON Web Tokens In .NET - Stormpath User Identity API (01-25-2016)
Google Play Games API Adjustments Ease Sign-in and Permission Requirements (01-25-2016)
How to Encrypt OAuth Tokens in 10 minutes With SecureDB (01-25-2016)
Cover yourself up! Protecting your APIs with mutual auth (01-22-2016)
Keycloak and dagger: Securing your APIs with OAuth2 (01-22-2016)
OAuth authentication on tvOS (01-20-2016)
How to Record and Govern Your IAM Resource Configurations Using AWS Config (01-19-2016)
Introducing the OAuth Technology Preview in NGINX Plus R8 (01-19-2016)
The IAM Console Now Helps Prevent You From Accidentally Deleting In-Use Resources (01-13-2016)
Google Apps + Clever Instant Login (01-12-2016)
How to Enable Web Apps for 2FA With the Nexmo Verify API (01-12-2016)
Building Simple Command Line Interfaces in Python (01-11-2016)
IETF Moves to Simplify Sharing of OAuth Tokens ? Univers Smartphone (01-08-2016)
How to use JSON Web Token (01-06-2016)
The Basics of SAML (12-17-2015)
SSO for Heroku now in Public Beta (12-16-2015)
Identity and access management for everyone (12-11-2015)
Talking to OAuth2 Services with Node.js - Stormpath User Identity API (12-10-2015)
Apply an OAuth policy on a REST API (12-09-2015)
Adding An OAuth Scope Page As One Of My API Management Building Blocks (11-04-2015)
Adding Authentication to Shiny Open Source Edition (09-24-2015)
Take control of all your IoT devices with Netvibes + SAMI (08-27-2015)
Microsoft Previews a More Unified Sign-In Approach for Applications (08-13-2015)
Using OAuth 2.0 and the Google API Client Library for Javascript with Forge (08-13-2015)
Twitter Improves Digits Login Tool For Devs (08-11-2015)
Ingest Profiles API Authentication (07-10-2015)
Announcing the formation of the OTTO WG (06-25-2015)
Announcing OAuth 2.0, Deprecating OAuth 1.0 (06-22-2015)
OAuth Quick Start (06-19-2015)
Forms Authentication using Web API (06-16-2015)
Two ways to create your APISpark account (06-16-2015)
The relation between OpenID Connect and OAuth 2 (06-10-2015)
Ping unveils new IAM platform enabling multifactor authentication using Apple Watch (06-09-2015)
Single Sign-On: The Enterprise Solution for Too Many Passwords (06-02-2015)
How to Implement Federated API and CLI Access Using SAML 2.0 and AD FS (05-28-2015)
Single Sign-On For Government Applications Coming in Weeks (05-23-2015)
5 Things to Consider When Using RESTful APIs and OAuth 2.0 (05-22-2015)
Amazon Releases SDKs for Login and Pay with Amazon (05-22-2015)
Introducing Digits Kit (05-20-2015)
New SDKs, Code Samples, & Docs for Login and Pay with Amazon (05-20-2015)
Meet MyUSA: Your one account for government (05-17-2015)
Announcing the Auth0 Open Source Single-Sign-On Dashboard (04-28-2015)
API Keys - SendGrid Documentation (04-27-2015)
Auth0 Europe Launches (04-27-2015)
New ? Glacier Vault Access Policies (04-27-2015)
How to Authenticate Using the Konekt REST API (04-24-2015)
A final farewell to ClientLogin, OAuth 1.0 (3LO), AuthSub, and OpenID 2.0 (04-21-2015)
Passwordless SMS Authentication Using Xamarin (04-21-2015)
Active Directory API - Gives You an Easier Way to Access Data Stored In... (04-19-2015)
Authenticating Users Through OAuth2 in Azure (04-17-2015)
Integrating Multiple Orgs using the OAuth 2.0 SAML Bearer Assertion Flow (04-15-2015)
Salesforce buys mobile authentication startup Toopher (04-01-2015)
Authentication Using JSON Web Token (03-26-2015)
Randall Degges - Why I Love Basic Auth (03-23-2015)
Google's new CAPTCHA security login raises 'legitimate privacy concerns' (GOOG) (02-20-2015)
The need for contextual information within multifactor authentication (02-19-2015)

These are curated as part of my daily work to understand what is happening across the space, and I regularly use them to track on what has occurred overtime, and include them in my guides, whitepapers, and other outputs.

Featured Authentication Companies and Organizations

These are the organizations I come across in my research who are doing interesting things in the API space. They could be companies, institutions, government agencies, or any other type of organizational entity. My goal is to aggregate so I can stay in tune with what they are up to and how it impacts the API space.

Other Authentication Companies and Organizations

These are additional companies who have APIs, but do not have as much detaila nd resources available to rank with the others.

Industry Tag Cloud

This set of tags represent this industry, pulled from the website and marketing materials available for each of the companies listed.

.NET802.11ActiveXAESAmazon Web ServicesAPI LIfeycleAPI Service ProviderApplicationsaspAssemblyAssetsAuthenticationAutomationautomotiveAutopilotAvailabilityBankingbiometricBiometricsblade serversBlockchainblowfishBotsBusiness IntelligenceC#C++CableCAC ReadersCertificateChannelsChatCloudCollectionsCommunications HardwareCommunications SoftwareCompaniesComponentConnectionsControlConverged NetworksConversationsCRMCryptDataData MiningData NetworkData RecoveryData WarehouseDatabasesDatamartDBMSDebuggingDiagnostic SoftwareDigitalDiscoveryEBA RTS complianceeBusinessEmailERPFaxFunctionsGovernanceGroupwareHardwareHas APIHealthcareHR softwareHTTPHTTPSIAMIdentificationIdentitiesIdentityIdentity and Access Management (IAM)Identity SystemsImportsinherenceinherence (biometrics)insightsInsuranceIntelligenceInternet of Things (IoT)intrusion detectionISPIT SecurityKeysLogical AccessLoginLookupsMailManagementManagement SoftwareMarketplacesMediaMessagesMicrosoftMiddlewareMimeMobileMonitoringmulti-factormultimodalNASNetworkNetwork ManagementNetwork SecurityNFC ReadersNFC TagsNotificationsOAuthOCXOffice Productivity SoftwareOpenIDOrchestrationPasswordspayment services directive 2 - SCApayment services directive 2 - strong customer authenticationPaymentsPDA SoftwarePhone NumbersPhysical AccessPKIPlatformProgramming LanguagesProxyPSD2 - SCAPSD2 - strong customer authenticationPushregulatory technical standards complianceRelative DataResourcesRolesRuntimeSanScalable accessScriptsSecurityServerlessService APIService Level AgreementSFTPShort CodesSIPSlackSmart Card ReadersSmart CardsSmartphonesmimeSMSSMTPSocialSocial SharingSoftwareSoftware ArchitectureSoftware DevelopmentSoftware Development ToolsSolution ProvidersSSHSSLStorageStorage Area Networkstrong authenticationsupply chainSyncTargetTasksTelcoTelecommunicationsTelephonyTokenTransformationtraversalTroubleshootingTrustTwitterTwo Factor AuthenticationUsersVB.NETVerificationVerificationsVideoVoiceVoice over IPVOIPVPNVulnerabilityWeb Application DevelopmentWeb SoftwareWebcastsWebhook ImplementationsWebhooksWebinarsWhite PapersWHITEPAPERSWi-FiWifiWirelesswireless internetwireless lanWireless SecurityZip

They reflect the intent of these platforms, helping people understand what is aavailable for integration into applications.