Authentication Blog Posts From API Evangelist

These are the blog items I've written over the last decade when it comes to my Authentication resarch, providing the short form of my research across the API industry.


You can find all of the blog posts I have written over at the main API Evangelist site, these are mean to just be for providing easy access to what I've written when it comes to Authentication.

Curated Authentication News

These are the news items that I have curated during the monitoring of the API space that have some relevance to the Authentication conversation and I wanted to include in my research. I am using all of these links to better understand how the space is defining not just their APIs, but their schema, and other moving parts of their API operations.

Splunk Moves into Microservices Monitoring with SignalFX Acquisition (08-21-2019)
API 101: What even is an API? (08-18-2019)
Token Authentication in Django (08-11-2019)
How OAuth 2.0 Works (08-11-2019)
Enterprise Comparison of API Gateways and ESBs (08-09-2019)
#BHUSA : Open Source is Key to Solving Cyber Skills Gap (08-07-2019)
A Practical Approach to Understanding Kubernetes Authentication (08-02-2019)
A Realistic Path Forward for Security Orchestration and Automation (08-01-2019)
API Authentication with Laravel Janitor: Part 2Laravel JWT Proxy (08-01-2019)
JSON Web Token (JWT) and HTML logins with Devise and Ruby on Rails 5 (07-31-2019)
Security: Additional Considerations (07-31-2019)
Authorization Series (07-31-2019)
Integrate Anypoint With AWS Cognito (07-30-2019)
Using Swagger as a client for an ADFS protected API (07-29-2019)
Arduino Selects Auth0 as Standardized Login for Open (07-28-2019)
Introduction to Identity and Access Management (07-28-2019)
What Is Continuous Authentication? (07-26-2019)
Open ID Connect Authentication With OAuth2.0 Authorization (07-26-2019)
4 Most Used REST API Authentication Methods (07-26-2019)
Role (07-25-2019)
WSO2 API Microgateway: Dealing with Revoked JWT Tokens (07-25-2019)
Troubleshooting Self (07-17-2019)
Applying OAuth on the RingCentral API (Part 2) (07-15-2019)
Token CachingWSO2 API Manager (07-13-2019)
HTTP Basic Authentication With Spring Security (07-13-2019)
Organizations Are Adapting Authentication for Cloud Applications (07-09-2019)
Benefits of Having an API Hub For Your Teams External API Usage (07-05-2019)
Announcing the General Availability of the Auth0 SPA JS SDK (07-02-2019)
What are Json Web Tokens or JWT? (06-30-2019)
Open Letter from the OpenID Foundation to Apple Regarding Sign in with Apple (openid.net) (06-29-2019)
Custom authentication handler to perform either Basic authentication or Oauth2 in the API (06-29-2019)
AWS Control Tower Set up & Govern a Multi (06-24-2019)
OAuth2 Access Token Usage Strategies for Multiple Resources (APIs) Part 2 (06-22-2019)
Laravel Passport, Create REST API With Authentication (05-10-2019)
Working with Cognito: AuthN (05-10-2019)
How to set up two (03-27-2019)
APIdays Expert talksImproving the developer workflow with GitHubs public GraphQL API by Brian (03-16-2019)
Popular cloud apps authentication schemes: OAuth 2.0, API Keys, and more (02-22-2019)
Connecting to Adobe Experience Manager via OAuth 2.0 (02-22-2019)
API Auth and GraphQL in Laravel (02-22-2019)
I have several API keys. (02-22-2019)
Authentication on the Web (02-19-2019)
Popular cloud apps authentication schemes: OAuth 2.0, API Keys, and more (02-15-2019)
SAML on the Rebound (02-11-2019)
Build a REST API(s) from JSON with Authentication (02-09-2019)
Machine Learning Engineering Part 1: how to create a REST API from a custom algorithm, using (02-09-2019)
7 Tips for Visual Search at Scale (02-05-2019)
Access granular collaboration permissions with the Kloudless Sharing API (02-01-2019)
Elastic App Search: Announcing Role Based Access Control (01-29-2019)
Countering Modern Phishing Attacks With Strong 2FA (01-28-2019)
API Authentication With GCP Identity (01-28-2019)
January 2019 Product Update: New Integrations & APIs by PagerDuty (01-23-2019)
OpenID Authentication with Istio (01-18-2019)
Refreshing Bearer tokens with the Box API under highly concurrent workloads (01-18-2019)
Leveraging Microsoft Graph API for memory forensics (01-17-2019)
Accessing Box Enterprise content via JWT and per (01-17-2019)
HDInsight now supported in Azure CLI as a public preview (01-17-2019)
One (01-16-2019)
The What and Why of a Unified Security Strategy (01-16-2019)
Authorizing Office 365 PowerShell commands with OAuth (01-15-2019)
OAuth2 Tips: Token Validation (01-11-2019)
The Right Flow for the Job: Which OAuth 2.0 Flow Should I Use? (01-07-2019)
How to Use JSON Web Tokens (github.com) (01-04-2019)
AWS Cognito User Pool: Advanced security features (12-31-2018)
API Management Reimagined: Authentication, Authorization, and Audit (12-21-2018)
Per (12-19-2018)
API Management for midsize businesses: What you need to know! (12-19-2018)
NodeJS Lambda Authorizer for JSON Web Tokens (12-18-2018)
Transparent Data Encryption (TDE) with customer managed keys for Managed Instance (12-17-2018)
Amazon Connect Adds New Contact API to Get Contact Attributes (12-15-2018)
A Few Thoughts on Security Tokens (12-07-2018)
X.509 Certificate Management with Vault (12-05-2018)
API Microservice Cross Cutting Concern 21: Security Auth/Auth (11-25-2018)
5 Ways To Hack An API (And How To Defend) (11-22-2018)
Security Best Practices for Managing API Access Tokens (11-21-2018)
Dance through OAuth headaches with Serverless (11-20-2018)
Authentication with AWS Cognito (11-19-2018)
Rails API + JWT Authentication (11-16-2018)
JWT: Using the Header and JWS Parameters (11-16-2018)
Stop using JWT for sessions (2016) (cryto.net) (11-04-2018)
Laravel 5.7API authentification with Laravel Passport (10-29-2018)
How to Use Refresh Tokens (10-28-2018)
Novice Guide to Securing API and Firebase Key in Create (10-28-2018)
How to verify the authenticity of a GitHub Apps webhook payload (10-26-2018)
How to Build a Secure API Strategy for the API Economy (10-25-2018)
Security Tokens 2.0: About On (10-11-2018)
How to rotate a WordPress MySQL database secret using AWS Secrets Manager in Amazon EKS (10-08-2018)
AWS Organizations now requires email address verification in order to invite accounts to an organization (09-20-2018)
Token Based Authentication API in Rails with the help of JWT and Knock (09-20-2018)
Trust through transparency: incident response in Google Cloud (09-12-2018)
Allowing Users to Get Their Own OAuth Tokens for Accessing an API (09-08-2018)
Adding Authentication to Your HTTP Triggered Azure Functions (09-07-2018)
Spring Boot and Content Negotiation XML and JSON Representations (09-04-2018)
Everything you need to know about Reacts Context API (09-03-2018)
The practical guide for Building REST API in Nodejs and MongoDB include Passport and JWT (09-02-2018)
Roundup of API Platforms and Specifications (08-31-2018)
Researchers show Alexa skill squatting could hijack voice commands (08-30-2018)
How to use AWS Secrets Manager to rotate credentials for all Amazon RDS database types, including Oracle (08-29-2018)
Using cURL to authenticate with JWT Bearer tokens (08-29-2018)
What is WebAuthn? (08-29-2018)
JSON Web Tokens (JWTs), what they are and if you should use them (08-29-2018)
Instagram Bids to Boost Transparency and 2FA (08-29-2018)
Identity Verification API Inspires Food Security Innovation at AngelHack San Francisco (08-28-2018)
The History of Biometric Authentication (08-28-2018)
How Does HTTP Basic Authentication Work in Spring Security? (08-22-2018)
Burp (08-20-2018)
React OAuth Authentication with Firebase (08-08-2018)
OAuth 2.0 Authorization Code Grant (08-08-2018)
Filestack Tutorials: Setup OAuth for Dropbox (07-25-2018)
How to Implement Spring Security With OAuth2 (07-23-2018)
Create Your Own Google Drive OAuth Application (07-18-2018)
Getting a Handle on Spiraling AWS Lambda Cost in Seconds (07-18-2018)
Serverless Security Risks Laid Bare (07-13-2018)
Understanding AWS Cognito User and Identity Pools for Serverless Apps (07-12-2018)
A crash course on Serverless APIs with Express and MongoDB (07-12-2018)
Multi (07-11-2018)
The 10 commandments of serverless (07-11-2018)
Announcing Kong CE 0.14.0 including Zipkin, Prometheus, and More! (07-05-2018)
New Gluu IAM products! (07-03-2018)
9 Questions for Top (07-03-2018)
Session vs Token Based Authentication (06-30-2018)
Tool: How to set up an API Key on Huobi (06-29-2018)
Configure an External Identity Provider for Single Sign (06-29-2018)
The Importance of Multi (06-29-2018)
Tool: How to set up an API Key on KuCoin (06-28-2018)
Key Considerations in API security (06-27-2018)
How to access secrets across AWS accounts by attaching resource (06-27-2018)
The supplied authentication is invalid (06-27-2018)
Auth Headers vs JWT vs Sessions How to Choose the Right Auth Technique for APIs (06-18-2018)
How to Integrate Salesforce as the Identity Provider of WSO2 API Manager for Single Sign (06-03-2018)
Authentication and authorization with AWS AppSync (06-01-2018)
Old OAuth plugin leaves a number of companies at risk (06-01-2018)
Identity as a Service (IDaaS) (05-30-2018)
Laravel 5.6 Custom Token Base API Authentication (05-26-2018)
Faster and more reliable auth: moving away from Authentication as a Service (AaaS) (05-25-2018)
Okta Offers Devs Free Tool to Set Up Multifactor Authentication (05-24-2018)
Risk is Reality: Our Take on the Recent Auth0 Vulnerability (05-23-2018)
Oktane18: Okta makes authentication API free for apps and websites (05-23-2018)
Okta introduces Sign in with Okta service (05-23-2018)
Remembering OpenID (05-08-2018)
Serverless Hello World in AWS (05-05-2018)
Auth Claims to Go (05-05-2018)
A crash course on securing Serverless APIs with JSON web tokens (05-03-2018)
Service Mesh, Service Discovery and API Gateways Express Gateway (05-03-2018)
Implementing JWT Authentication to your API Platform application (04-28-2018)
Demo: Apigee Edge OAuth2 Debugging (04-20-2018)
Getting Access Token for Microsoft Graph Using OAuth REST API, Part 3 (04-13-2018)
PSD2: What does it mean global banking industry? (04-13-2018)
Understanding the Amazon GameOn API Keys (04-13-2018)
Part 2: The Dark Side of APIs (04-13-2018)
Implement Secure Microservices With Spring Security and OAuth 2.0 (04-13-2018)
A Cognito Protected Serverless API with Golang in Minutes (04-12-2018)
Launching the FACEIT Developer Portal (04-12-2018)
Farsight Security Announces DNSDB API Key Portability Program (04-09-2018)
ASP.NET Core Two Factor Authentication Using Google Authenticator (04-03-2018)
Securing APIS with JSON Web Tokens and an API Gateway (03-26-2018)
A tour through Merkle Town, Cloudflare's Certificate Transparency dashboard (03-23-2018)
Implementing a Custom OAuth Policy in Mule (03-23-2018)
JSON Web Tokens (03-23-2018)
An Overview of Security Tokens (03-22-2018)
Data Security Basics: Authentication, Authorization, Encryption and Auditing (03-22-2018)
Single Sign (03-19-2018)
Use JWT (JWS) for authenticate (03-17-2018)
7 Ways to Know You've Aced Continuous Integration (03-12-2018)
GDPR Effect? (03-12-2018)
Introducing GCPs new interactive CLI (03-09-2018)
How your trading API keys can be used to drain your funds (03-09-2018)
Single Sign (03-09-2018)
Apigee Up Close: Protecting APIs with OWASP Best Practices (03-09-2018)
Using JWT for Sessions (03-09-2018)
3scale ActiveDocs and OAuth 2.0 (03-09-2018)
Conditional Access Control with Microsoft Azure Active Directory (03-08-2018)
Keep Your Account Safe: Two (03-08-2018)
REST API Security (03-08-2018)
Authentication with JWT in Rails API (03-08-2018)
Getting to know Cloud IAM (03-08-2018)
Announcing Gloo: The Function Gateway solo.io Medium (03-06-2018)
Vault Integration Using Kubernetes Authentication Method (03-06-2018)
From open source to sustainable success: the Kubernetes graduation story (03-06-2018)
3scale by Red Hat API and Identity Management Series (03-06-2018)
Secure access to 100 AWS accounts (03-06-2018)
Cache OAuth 2 in Spring With Redis (03-05-2018)
Amazon might introduce its own branded checking accounts (03-05-2018)
AWS Federated Authentication with Active Directory Federation Services (AD FS) (03-02-2018)
Fleet to Integrate Its Satcom Data with Reekoh's IOT Platform (03-02-2018)
Authentication and Content (03-02-2018)
Bing Entity Search API is now available (03-02-2018)
Open Auth Standards: Your Secret to Success With the PSD2 Initiative (03-02-2018)
Protocol OAuth2: lets play with Doorkeeper & Omniauth/OAuth2. (03-01-2018)
Using Cloudflare Workers to identify pwned passwords (02-26-2018)
Why Cloud APIs on GCP is Awesome by leveraging Apigee? (02-25-2018)
Buiding Microservices Using Spring Boot and Docker (02-24-2018)
JSON Web Tokens With Spring Cloud Microservices (02-23-2018)
Microservices Authentication and Authorization Using API Gateway (02-23-2018)
Apigee Up Close: Integrating with Identity Management Systems (02-23-2018)
Instagram authentication with Flutter (02-22-2018)
Secure Spring REST With Spring Security and OAuth2 (02-22-2018)
How to retrieve short (02-22-2018)
3Scale integration with ForgeRock using OpenID Connect (02-22-2018)
Stateless Authentication With JSON Web Tokens (02-21-2018)
Microsofts Building on the Blockchain to Manage Digital Identities (02-21-2018)
An OAuth2 Grant Selection Decision Tree for Securing REST APIs (02-20-2018)
3 Cryptocurrencies To Earn You Money While You Sleep Part 1 (02-19-2018)
How Prepared Are You for PSD2? (02-19-2018)
Authentication and authorization of Pipeline users with OAuth2 and Vault Banzai Cloud (02-18-2018)
An OAuth2 Grant Selection Decision Tree for Securing REST APIs (02-17-2018)
Sqreen wants to become the IFTTT of web app security (02-17-2018)
Security as a business priority (02-16-2018)
NTT DOCOMO Implements Authlete Solution for API Security (02-15-2018)
How to *securely* use SMS two (02-15-2018)
NTT Docomo deploys Authlete's web API access (02-15-2018)
How to enable SAML authentication in Kibana and Elasticsearch (02-14-2018)
How to Use Your Own Identity and Access Management Systems to Control Access to AWS IoT Resources (02-14-2018)
Trulioo Is An API Gateway To Digital Identity Verification (02-14-2018)
AWS Cognito User Pool Access Token Invalidation (02-13-2018)
Simple authentication service with AWS Lambda (02-08-2018)
REST Token based authentication (jwt) (02-07-2018)
Telegram Login Widget Official Telegram authentication for websites (02-07-2018)
Secure Your Vert.x Server With Single Sign (02-06-2018)
ISC Releases Security Advisories for DHCP, BIND (01-17-2018)
Opening banking data and APIs: Land of opportunity or Pandora's box? (01-16-2018)
PSD2: Strong Customer Authentication (01-14-2018)
Abusing Aadhaar authentication API services (01-11-2018)
VueJS Route Security and Authentication (01-04-2018)
The Argument for Risk (01-02-2018)
Serverless with AWS Cognito: Facebook login integration (01-01-2018)
How to use JWT with Salesforce API? (12-31-2017)
Tokens based authentication (12-31-2017)
Create REST API in Laravel with authentication using Passport (12-29-2017)
Why Every Business Needs Two (12-29-2017)
Authentication Provider Best Practices: Centralized Login (12-25-2017)
Azure Security Audits With Pester (12-22-2017)
grpc/grpc (12-22-2017)
Grpc authentication token (12-22-2017)
Twitter Expands 2FA Options to Third (12-21-2017)
Twitter now supports 2 (12-20-2017)
What is JSON and why is it important? (12-20-2017)
Twitter adds more verification options for two (12-20-2017)
Twitter adds support for app (12-20-2017)
TelegramRAT Scurries Around Defenses Via the Cloud (12-20-2017)
AWS Organizations Now Supports Self (12-19-2017)
US Government Pays $10,650 Bug Bounty in 'Hack the Air Force' Event (12-18-2017)
The Illustrated Guide to Google OAuth With Temboo (12-15-2017)
Why Your IAM's Definition Of User Could Be Costing You Millions (12-15-2017)
Using Gmail with OAUTH2 in Linux and on an ESP8266 (12-14-2017)
Security Planner (12-14-2017)
What is ETL (Extract, Transform, Load)? ETL Explained (12-13-2017)
Authentication Provider Best Practices: Centralized Login (12-12-2017)
Upcoming changes to AdWords OAuth Scope (12-11-2017)
The importance of OAuth 2.0 (12-10-2017)
Azure App Service Custom Authentication (12-09-2017)
Using Kong with Kubernetes (12-09-2017)
Kaspersky Lab: D.C. office no longer viable and will close (12-08-2017)
The Dangers of a 'Trust and Forget' Approach to Data Security (12-08-2017)
Introducing AWS Single Sign (12-07-2017)
AWS Serverless Application Model Template for Lambda Function proxied by API Gateway (12-07-2017)
Securing .NET Core 2.0 Applications with JWTs (12-07-2017)
OAuth whitelisting can now control access to GCP services and data (12-06-2017)
OWASP Top 10 2017: What your app sec team needs to know (12-06-2017)
How to Get Scopes Related with an Application Based on Subscribed APIs in WSO2 API Manager 2.1.0? (12-06-2017)
Enabling Two (12-05-2017)
Study: Simulated Attacks Uncover Real (12-05-2017)
Kong meets Auth0 Scaleout Ninja (12-05-2017)
How to Improve OAuth Security With HMAC Validation (12-05-2017)
Pricing (12-04-2017)
Understanding WSO2 API Manager Deployment Patterns (12-04-2017)
Credential Management API (12-01-2017)
Web Authentication: What It Is and What It Means for Passwords (12-01-2017)
OAuth with PHP, Part One: getting access tokens. (11-30-2017)
Introducing 0x Connect (11-29-2017)
Facebook uses selfies as login authentication for suspicious activity (11-29-2017)
Build a Secure SPA With Spring Boot and OAuth (11-27-2017)
Single Sign On: Feature or Threat? (11-27-2017)
Going Serverless with AWS Serverless User Authentication Part 3 (11-26-2017)
Building Your First Crystal Web App and Authenticating With JWTs, Part 2 (11-23-2017)
OAuth2 Configuration in 3Scale API Management (and APICast) with Red Hat SSO (11-22-2017)
2FA Two Factor Antiquated (11-22-2017)
Rate Limiting Serverless Apps Two Patterns (11-21-2017)
How APIs Can Inspire The Complete Reinvention of an Old Business (11-17-2017)
Applications for Tarantool, Part 2: OAuth 2 Authorization via Facebook (11-17-2017)
Webpack Set API Keys Depending On Environment (11-16-2017)
B2B Authentication Solution for APIs using AWS Cognito UserPools (11-16-2017)
Secure Your Node.js Website With OpenID Connect (11-15-2017)
Who Am I? Best Practices for Next (11-15-2017)
Twitter launches new paid API plans and makes it easier for devs to check their usage (11-14-2017)
Why Cant I Just Send JWTs Without OAuth? (11-14-2017)
Securing Golang API using Json Web Token (JWT) (11-13-2017)
Secure your Spring Boot API with JSON Web Tokens (11-12-2017)
Less Than One (11-07-2017)
State of the Auth: Experiences and Perceptions of Multi (11-07-2017)
How we develop APInf Platform REST APIs openly (11-07-2017)
Implementing Authenticated Identity with Trusted Key and Auth0 (11-06-2017)
Postman makes authorization stronger and easier (11-03-2017)
Generate beautiful Swagger API documentation from Insomnia (11-03-2017)
The Developer (11-01-2017)
How to Keep Your API Keys Safe (11-01-2017)
Authentication Using JSON Web Tokens (11-01-2017)
How do you authenticate, mate? (10-31-2017)
Docker Authentication with Keycloak (10-31-2017)
Vessel is a Lightweight Docker Environment for Laravel (10-30-2017)
Introducing the 0x Standard Relayer API (10-26-2017)
3scale API Management Simplifies OpenID Connect Integration (10-26-2017)
API Keys versus OAuth (10-25-2017)
How to securely store API keys (10-25-2017)
How to Rate (10-25-2017)
Daptin walk through: oauth2, google drive, subsites and grapejs (10-24-2017)
Leave legacy authentication behind and rebuild trust (10-24-2017)
Adding OAuth2 to Mobile Android and iOS Clients Using the AppAuth SDK (10-24-2017)
Building a simple token based Authorization API with Rails. (10-23-2017)
Should You Make Your Users Log In? (10-23-2017)
New Architecture of OAuth 2.0 and OpenID Connect Implementation (10-22-2017)
OAuth 2.0 Best Practices for Native Apps (10-19-2017)
OpenID Connect Identity Brokering with Red Hat Single Sign (10-18-2017)
Facebook Authorization in a React App (10-16-2017)
The Return of Authorization (10-16-2017)
Secure Spring Boot REST API using Basic Authentication (10-13-2017)
JSON web token based authentication in Django (10-13-2017)
Email Authentication 101 (10-13-2017)
Consolidating Multiple Identity Sources with Auth0 (10-12-2017)
The Beer Drinkers Guide to SAML (10-12-2017)
Google Token Authentication with Laravel (10-11-2017)
Using Cloud Functions for a Managed REST API with API Key Access (10-09-2017)
Build Personalized Marketing With Identity Management (10-09-2017)
Enhancing Productivity With Identity and Access Management (10-06-2017)
Postman survey shows that API documentation needs improvement (10-05-2017)
Integrating GitHub and GitLab with Scripts (10-04-2017)
White House wants to end Social Security numbers as a national ID (10-03-2017)
Google Upgrades Cloud Access Controls (10-03-2017)
Introducing custom roles, a powerful way to make Cloud IAM policies more precise (10-03-2017)
Deploying any React app on Heroku (10-03-2017)
The Top 20 AWS IAM Documentation Pages so Far in 2017 (10-02-2017)
SAP to Acquire Gigya: What's Next for Identity Management? (10-02-2017)
Google plans to upgrade two (09-29-2017)
Amazon Cognito User Pools Now Integrates with Amazon Pinpoint to Add Analytics for User Pools (09-27-2017)
How to load test a realtime multiplayer mobile game with AWS Lambda and Akka (09-25-2017)
Announcing general availability of the new App Service Premium Plan (09-25-2017)
EnvKey Protect api keys and credentials. Keep config in sync. (09-25-2017)
How to Do GitHub API Authentication Using OAuth 2.0 (09-24-2017)
DreamFactory 2.9 adds AD SSO, GitHub, and GitLab (09-24-2017)
You can now use two (09-23-2017)
Add Authentication and Billing to Your API on AWS [Tutorial] (09-22-2017)
Run collections with file uploads using Newman (09-21-2017)
Securing Microservices: The API gateway, authentication and authorization (09-20-2017)
Okta Wants to Be an Identity Service for Developers (09-20-2017)
Secure (and usable) multi (09-19-2017)
Amazon Web Services will now charge by the second, its biggest pricing change in years (09-18-2017)
This is why you shouldnt use texts for two (09-18-2017)
How To Submit Your Security Tokens to an API Provider, Pt. 2 (09-16-2017)
How To Submit Security Tokens to an API Provider, Pt. 2 (09-15-2017)
AWS IAM Policy Summaries Now Help You Identify Errors and Correct Permissions in Your IAM Policies (09-15-2017)
Building Account Systems (09-15-2017)
Industry Seeks Tough Enforcement Of API Performance (09-15-2017)
Instagram API Authentication using Swift (09-14-2017)
Add Authentication and Billing for Your API on Heroku [Tutorial] (09-13-2017)
Adding FullContact to your Auth Process For Profile Enhancement (09-13-2017)
Why You Need to Give Away Your API for Free (09-12-2017)
Authentication as a Service, an honest review of Auth0 (09-11-2017)
Please stop calling SMS codes two (09-10-2017)
Now Create and Manage AWS IAM Roles More Easily with the Updated IAM Console (09-08-2017)
Research delivers insight into the API management market (09-08-2017)
How To Submit Security Tokens to an API Provider, Pt. 1 (09-08-2017)
Cloud Auth (09-08-2017)
Why You Should Not Manage Your Users' Identities (09-06-2017)
The Total Economic Impact of An API Management Solution (09-04-2017)
USER MANAGED ACCESS 2.0 (09-03-2017)
Cloud Identity (09-01-2017)
You shouldn't use your phone number for 2 (09-01-2017)
Session Hijacking Bug Exposed GitLab Users Private Tokens (08-31-2017)
ETL data from 60+ sources into Snowflake with Stitch (08-31-2017)
Solving the Identity Crisis with Username Aliases (08-31-2017)
Okta API strategy aims to bridge gap between customer experience and security (08-29-2017)
Authentication of DocFinder using Auth APIs (08-29-2017)
Okta Launches APIs and New Developer Edition to Power Identity for Every App (08-29-2017)
Authentication of DocFinder using Auth APIs (08-29-2017)
Now Available: Improvements to How You Sign In to Your AWS Account (08-25-2017)
Launch Amazon Cognito User Pools General Availability: App Integration and Federation (08-25-2017)
login.gov (08-24-2017)
GitHub (08-24-2017)
Using JSON Web Tokens with CUWebAuth (08-21-2017)
Restful Renders (08-21-2017)
Secure web services using JWT and Slim Framework (08-18-2017)
Develop and Deliver an API (08-18-2017)
Context Aware Encoding (beta) (08-17-2017)
Open States API Keys (08-17-2017)
Integrating PicketLink with OKTA for SAML based SSO (08-17-2017)
The state of authentication: Is a passwords replacement imminent? (08-16-2017)
SSO is Easy with DB Systel and AWS (08-15-2017)
Tutorial 5: How to Build a Laravel 5.4 JWT Authentication API with E (08-14-2017)
How to Hide API Keys When Building Web Apps On CodePen (08-14-2017)
API Protection Requires Both User and App Authentication (08-14-2017)
AWS CloudHSM Update Cost Effective Hardware Key Management at Cloud Scale for Sensitive & Regulated Workloads (08-14-2017)
The Guy Who Made Up All Those Password Rules Is Sorry (08-12-2017)
Overview: OAuth API v4 (08-10-2017)
Integrating Audience with Single Sign (08-10-2017)
Implementing JWT Authentication on Spring Boot APIs (08-10-2017)
Introducing mobile prompts for two (08-10-2017)
Implementing JWT Authentication on Spring Boot APIs (08-10-2017)
Ionic Framework: Getting Started (08-08-2017)
Create a Drupal Site and Add Authentication with Auth0 (08-02-2017)
Tutorial 4: How to Build a Laravel 5.4 JWT (08-01-2017)
Login With Facebook In Laravel 5.4 (07-31-2017)
Citizen sensing, air pollution and fracking: From caring about your air to speculative practices of evidencing harm (07-30-2017)
Auth API Calls (07-29-2017)
Login with Amazon Integrations: Amazon Cognito (07-28-2017)
Authenticating Studio Users using Single Sign (07-27-2017)
What is Modern Two (07-27-2017)
Callsign pulls in $35M Series A for its adaptive authentication platform (07-27-2017)
Authenticating Android Apps Developed in Kotlin (07-27-2017)
Logitech Circle 2 is a great surveillance system, but for a price (07-26-2017)
Memahami OAuth 2.0 (API Security) (07-25-2017)
Don't Pass on the New NIST Password Guidelines (07-25-2017)
New Twilio APIs Can Help Developers with Authentication, Session Management, Data Synchronization (07-25-2017)
Filestack Web SDK V3 0.7 Updates (07-24-2017)
Wisconsin company offers staff implants for keys and passwords (07-24-2017)
Use Google KMS to control encryption keys in the cloud (07-24-2017)
Securing API Keys inside Android Apps using Android NDK (07-24-2017)
How to Use AWS Organizations to Automate End (07-24-2017)
APIMatic: The first ever SDK generator to support OAuth 2.0 (07-23-2017)
AMD Relies on Auth0 For Seamless Authentication of Enterprise Portal (07-21-2017)
RISE & Shine: 5 reasons why RISE conference works for companies like Tyk (07-21-2017)
Help keep your Google Cloud service account keys safe (07-19-2017)
Angular 4 Third Party APIs (07-19-2017)
Google adds security features to help block unverified apps (07-18-2017)
Identification (07-18-2017)
Google will nudge SMS two (07-14-2017)
Leaky Images in OAuth (07-14-2017)
Introducing Token Exchange for Box Platform (07-13-2017)
2FA FTW? Two (07-13-2017)
OpenID Connect Logout (07-12-2017)
Google OAuth Developer Reviews Explained (07-12-2017)
How to Configure Even Stronger Password Policies to Help Meet Your Security Standards by Using AWS Directory Service for Microsoft Active Directory (07-12-2017)
Add the Power of Voice to a Multi (07-11-2017)
Siri usage and engagement dropped since last year, as Alexa and Cortana grew (07-11-2017)
Knock JWT Auth for Rails API + Create React App (07-10-2017)
Two (07-10-2017)
Iris Recognition for Two Factor Authentication with Ruby on Rails (07-10-2017)
Sails Backend for Angular2+ Auth (07-09-2017)
Getting Token Authentication Right in a Stateless Single Page Application (07-07-2017)
Customizing a user signup workflow in WSO2 API Manager (07-05-2017)
The Blockchain Fuels StartupsUnlike Any You've Ever Seen (07-01-2017)
Datical Aims to Bring DevOps Speeds to the Database (06-29-2017)
Identity now available in SQL Data Warehouse (06-28-2017)
Pinterest enables two (06-27-2017)
SCIM System for Cross (06-27-2017)
Enterprise identity made easy in Google Cloud Platform with Cloud Identity (06-27-2017)
Pinterest begins rolling out two (06-27-2017)
Cloud Identity Leader Auth0 Adds $30 Million Series C (06-27-2017)
NIST Releases New Digital Identity Guidelines (06-26-2017)
How do I generate a TrackingMore API key (06-24-2017)
Parallelizing Large Simulations with Apache SparkR on Databricks (06-23-2017)
Yelp Dataset Challenge Round 8 Winner (06-22-2017)
Securing Application Secrets with EC2 Parameter Store (06-22-2017)
How hackers can steal your 2FA email account by getting you to sign up for another website (06-22-2017)
OAuth 2.0 Threat Landscapes (06-22-2017)
CA Technologies Adds New Capabilities to Its API Management Portfolio (06-21-2017)
BBVA becomes the latest incumbent to join the digital ID race (06-21-2017)
AWS Marketplace Update SaaS Contracts in Action (06-20-2017)
Load Testing using CircleCI and k6 (06-19-2017)
Identity Propagation in an API Gateway Architecture (06-17-2017)
Hasura Auth API + Postman collection (06-17-2017)
Hasura Auth API (06-16-2017)
Twitter's 2 (06-16-2017)
Copying Runscope Environments using the Runscope API (06-16-2017)
How OneLogin Was Compromised and the Lessons for the Rest of Us (06-16-2017)
Nearly 3 million FCC commenters' email addresses 'unintentionally' exposed through API (06-16-2017)
Auth0 is now part of UK's official Digital Marketplace G (06-16-2017)
Authentication for Great Apps (06-14-2017)
New houses will have Alexa and Wi (06-14-2017)
Revoking JWTs (06-14-2017)
Test your APIs with Insomnia REST client (06-14-2017)
Hands (06-13-2017)
IBM Launches Identity Service (06-13-2017)
Turn CSV files into REST APIs with DreamFactory's Data Importer (06-13-2017)
Identity Propagation in an API Gateway Architecture (06-13-2017)
Grammar of the IAM Policy Language (06-12-2017)
Bancor Network A solution for creating ever (06-12-2017)
Why You Should Use Access Tokens to Secure an API (06-11-2017)
Taking advantage of Mailchimp web hooks (06-08-2017)
Build with BitScoop: Social Login (06-07-2017)
The leaked NSA report shows 2 (06-06-2017)
The Virtual Hackathon and an Experimental API by Status.im (06-06-2017)
Myki Authenticator Login to any account on any device with your fingerprint (06-05-2017)
Facebook now lets you find and contact your government reps right from your posts (06-05-2017)
SecureLogin Authentication Protocol 1.0, GDB 8.0, Boundless Suite 4.0, Audioburst (06-05-2017)
Jetpack Services for Clef Users Jetpack for WordPress (06-02-2017)
API Updates: Authentication, Add Buckets and More (06-01-2017)
OneLogin suffers breachcustomer data said to be exposed, decrypted (06-01-2017)
OneLogin: Breach Exposed Ability to Decrypt Data (06-01-2017)
Force Expiring of JWTs with Refresh Tokens (06-01-2017)
Open, private and secure by default: US Census Bureau to switch API from HTTP to HTTPS (05-31-2017)
SMS Passwordless Authentication (05-31-2017)
How this teen's life changed after deleting all social media (05-30-2017)
API Basics (05-29-2017)
The Firewall of the Future Is Identity (05-29-2017)
Twitter Kit 3 Brings Improved Sharing, Authorization to App Developers (05-26-2017)
Go Beyond Username/Password with Modern Authentication (05-26-2017)
New Features for IAM Policy Summaries Resource Summaries (05-25-2017)
Maintaining API authentication using Axios (05-25-2017)
Identity and Access Considerations for Public & Private Clouds (05-25-2017)
Firebase Phone Auth (05-25-2017)
Stripe Connect The payments platform for platforms (05-25-2017)
An Introduction to Ethereum and Smart Contracts: an Authentication Solution (05-23-2017)
Authentiq Strong authentication, without the passwords (05-23-2017)
Introducing DreamFactory's OpenID Connect Service (05-22-2017)
Authentiq Strong and secure authentication without the passwords. (05-20-2017)
Streaming APIs (05-19-2017)
Using Squares REST APIs to Build a Sandbox Dashboard Part 1: Authentication & Locations. (05-18-2017)
One Standard to Rule Them All: A Common Language for the Clouds Identity Management Crisis (05-18-2017)
Get Realtime Authentication Events with Auth0 and Pusher (05-18-2017)
New in the Congress API: Congressional Statements and More (05-17-2017)
Two (05-17-2017)
Now Available: Use Resource (05-16-2017)
Introducing Auth0 Extend: The new way to extend your SaaS (05-16-2017)
Google will review web apps that want access to its users' data (05-13-2017)
Google Blocks OAuth Requests Made Via Embedded Browsers (05-12-2017)
What Is the Difference Between Site Login and HTTP Authentication? (05-12-2017)
SSA Plans Stronger Website Authentication (05-11-2017)
Updating developer identity guidelines and registration processes to protect users (05-11-2017)
SSA.GOV To Require Stronger Authentication (05-10-2017)
Bluetooth Chooses Auth0 to Implement Standards Based Authentication (05-10-2017)
Authorization and Authentication With RBAC (Part 2) (05-10-2017)
Managing Secrets on OpenShift Vault Integration (05-09-2017)
Things to Use Instead of JWT (05-08-2017)
Token Migration Plan Pt.2 (05-08-2017)
Down the SAML Code (05-03-2017)
User Management Request for Information (RFI) (04-27-2017)
Microsoft App Aims to Delete the Password (04-26-2017)
Tweet: Getting Started with the @Okta API and OpenID Connect https://t.co/mw6FfPPBCf (04-25-2017)
Russian hackers use OAuth, fake Google apps to phish users (04-25-2017)
Simple OAuth2 Authorization Server with Identity Server and .NET Core (04-22-2017)
Getting started with Cloud Identity-Aware Proxy (04-21-2017)
Microsoft is killing off passwords (MSFT) (04-19-2017)
Token Migration Plan Pt.1 (04-19-2017)
Firebase- Authentication Using AngularJS (04-18-2017)
Microsoft kills the password with phone-based log-in (04-18-2017)
Announcing the Postman Enterprise Beta, with Single Sign-On (SSO) (04-13-2017)
Ship your Auth0 logs to Azure Log Analytics (04-13-2017)
Social Login On The Rise: How Secure Is It? (04-12-2017)
JSON Web Token (JWT) Signing Algorithms Overview (04-11-2017)
Tweet: Extending #OAuth2 and @openid Connect as the enterprise standard for #API security https://t.co/q4ZQV2kba1 @GetLevvel (04-07-2017)
Authentication (04-06-2017)
When to Build and When to Buy (04-06-2017)
Brute Forcing HS256 Is Possible: The Importance of Using Strong Keys in Signing JWTs (04-05-2017)
Updates to end user consent for 3rd-party apps and Single Sign-on providers (04-03-2017)
How To Get A 360 View of Your Customer By Managing Identity (03-24-2017)
How to set up two-factor authentication for your Apple ID and iCloud account (03-24-2017)
Instagram adds two-factor authentication, censors photos that are deemed offensive or disturbing (03-23-2017)
Instagram Has Two-Factor Authentication Now, So Turn It On (03-23-2017)
Why OAuth 2.0 Is Vital to IoT Security (03-23-2017)
Analyzing Identity in Movies (03-17-2017)
Facebook OAuth Login & Register with PHP (PHP Scripts) (03-17-2017)
REST API can we get rid of Basic Auth? (03-11-2017)
Announcing support for IAM users with MFA in the AWS SDK for #golang! (03-10-2017)
Tweet: Amazon Cognito is now available in our EU (London) region! https://t.co/uONwGtmAyE https://t.co/gwbXiMVMXB (03-10-2017)
Protecting images and videos via cookie-based authentication (03-08-2017)
Tool to generate the amadmin password hash in OpenAM (03-08-2017)
Discontinuing Support for Clef Two Factor Authenticity (03-06-2017)
Stormpath Joins Forces With Okta - Stormpath User Identity API (03-06-2017)
Stormpath Joins Forces With Okta (03-06-2017)
Okta scoops up Stormpath team to ramp up identity platform for developers (03-06-2017)
Tweet: DreamFactory's SAML 2.0 Service https://t.co/JQ7B1yzpvX by @dfsoftwareinc https://t.co/QsqBlQYq2O (03-03-2017)
Tweet: DreamFactory's SAML 2.0 Service https://t.co/XT69PJna4U by @dfsoftwareinc https://t.co/Bu3jyyKjKP (03-03-2017)
Authentication-as-a-Service: Auth0 vs. Backand (03-02-2017)
GitHub Adds To Online Service Capabilities In A Bid For Business Developers (03-02-2017)
What Does WSO2 Identity Cloud Bring To The Table? (03-02-2017)
Tweet: https://t.co/VDZYKUBW2I just got better for businesses with SAML SSO, automated access provisioning, and more! https://t.co/xueTvIOkII (03-01-2017)
API Keys vs OAuth Tokens vs JSON Web Tokens (03-01-2017)
How to implement OpenID Connect authentication in a Django app using oxd and the Gluu Server (03-01-2017)
Tweet: Securing Apigee Edge with an external #SAML-based identity provider https://t.co/eLPYK3R8Z9 @pbhogill (02-28-2017)
OpenID Connect Certification (02-28-2017)
AWS Organizations Policy-Based Management for Multiple AWS Accounts (02-27-2017)
Houghton Mifflin Harcourt Chooses Auth0 to Consolidate Identity (02-27-2017)
SHA1 Is No Longer Recommended, But Hardly a Failure (02-27-2017)
Bringing U2F to the Masses (02-24-2017)
Tweet: No 1Password data was put at risk through the bug reported earlier today. https://t.co/S7G62Qw85Q (02-23-2017)
Auth0 is OpenID Connect Certified (02-23-2017)
Ionic 2 With Firebase: Signing in OAuth 2 (02-23-2017)
Updates to DigitalOcean Two-factor Authentication (02-23-2017)
Email Verification in Firebase Auth (02-21-2017)
Multi-Factor Authentication and Identity Management (02-18-2017)
How to Bootstrap an OAuth2 Authorization Server With UAA (02-17-2017)
Introducing Auth0 Hooks (02-17-2017)
You can now use Google Authenticator and any TOTP app for Two-Factor Authentication (02-16-2017)
Building a Serverless Application with Stormpath Authentication (02-15-2017)
Verifying Constituency: A Sovrin Use Case (02-13-2017)
WhatsApp Rolling Out 2-Step Verification (02-11-2017)
Authentication-as-a-Service: Auth0 vs. Backand (02-09-2017)
WhatsApp switches on two-factor verification for 1.2 billion users (02-09-2017)
Is Multifactor Authentication The Best Way To Secure Your Accounts? Myths And Reality (02-08-2017)
Steps to Building Authentication and Authorization for RESTful APIs (02-07-2017)
GitHub adds new two-factor lockout recovery features (02-06-2017)
Auth flows with Firebase UI on the Web (02-03-2017)
NIST Seeks Input On Trusted Identities Guidance (02-02-2017)
DreamFactory 2.4.2 adds logging, SAML, and Azure AD (01-31-2017)
Feature announcement: two-factor authentication (01-31-2017)
Facebooks new tool looks to replace traditional two-factor authentication (01-30-2017)
Mozilla Replaces Persona with Auth0 for Identity and Access Management (IAM) (01-30-2017)
Building and Securing Koa and Angular 2 with JWT (01-19-2017)
The Problem with Secure User Authentication in WordPress (01-19-2017)
How Intuit Uses OpenID 2.0 to Implement Single Sign On (01-18-2017)
How to create an application in Kotlin and secure it using JSON Web Tokens (JWTs) (01-18-2017)
End-user authentication options on Context.IO (01-13-2017)
Authorization vs. Authentication - What's the Difference? (01-12-2017)
Building An Instagram Clone With GraphQL and Auth0 (01-12-2017)
Introducing Zuuljs: Conditional Access Manager for Your IoT (01-12-2017)
Cloud Key Management Service (01-11-2017)
Google Cloud Platform launches Key Management Service in beta (01-11-2017)
Googles Cloud Platform gets a new key management service (01-11-2017)
Tweet: Token Authentication for Cached Private Content and APIs: https://t.co/iKVvFdA3Gx https://t.co/Ku3B7FSzsL (01-10-2017)
Token Authentication for Cached Private Content and APIs (01-10-2017)
Tweet: RT @mogui247: A Kong plugin, that let you use an external Oauth 2.0 provider to protect your API https://t.co/rJLED5Zeh5 #opensource @masha… (01-03-2017)
How to Load Test SAML SSO Secured Websites with JMeter (12-26-2016)
Using Authy Two-Factor Authentication in Node.js and AngularJS (12-16-2016)
How to Enable Two-Factor Authentication on Twitter (12-15-2016)
JWT is not an authentication protocol (12-15-2016)
Working with LoopBack Authentication and Authorization (12-15-2016)
Google adds single-sign-on features in latest Android Wear 2.0 preview (12-13-2016)
How To Enable Two-Factor Authentication on Outlook.com and Microsoft (12-13-2016)
Signing into One Billion Mobile App Accounts Effortlessly with OAuth2.0 (11-12-2016)
Securing JSPs with Spring Security and Stormpath (11-10-2016)
OAuth 2.0 Vulnerability Leads to Account Takeover (11-08-2016)
API Best Practices: Authentication (10-31-2016)
An Introduction to AWS IAM (10-20-2016)
Two-Factor Authentication: Who Has It and How to Set It Up (10-19-2016)
User Authentication in Java 8 (10-19-2016)
Build together with App Collaborators (10-18-2016)
Demystifying OAuth2 in DFP (10-18-2016)
Storing JSON objects in LDAP attributes? (10-18-2016)
Protect Bearer Tokens Using Proof of Possession (10-12-2016)
Planet-scale authentication with Auth0 and Azure DocumentDB (10-11-2016)
Query Strings and URL Fragments in Login with Amazon Responses (10-11-2016)
JSON Web Tokens are made for Microservices (10-10-2016)
Easier OAuth setup with new OAuth libraries (10-10-2016)
Tweet: We've added support for Intercom to four OAuth libraries to make it easier to get setup – https://t.co/wKwCtaPcCF (10-10-2016)
Limiting OpenID Connect Community Client Support (10-06-2016)
Quantum Tokens for Digital Signatures (10-06-2016)
Enterprise Grade Authentication and Access Control on IoT (Part 2) (10-03-2016)
Announcing: Multi-Factor Authentication in Stormpath! - Stormpath User Identity API (09-30-2016)
Lock Up Your Raspberry Pi with Google Authenticator (09-30-2016)
Using API Gateways and JWTs for Identity Management in Microservice Based APIs (09-29-2016)
Angular 2 Authentication Tutorial (09-29-2016)
Announcing the Sovrin Foundation (09-29-2016)
Enhanced third-party access protection for Google Sheets (09-29-2016)
Increased account security via OAuth 2.0 token revocation (09-29-2016)
Saying goodbye to OAuth 1.0 (2LO) (09-29-2016)
Setting Expectations for Accessing User Data via OAuth (09-29-2016)
Announcing Auth0's Identity Glossary (09-28-2016)
BeyondTrust Announces Password Management API (09-27-2016)
Identity Management in Spring Boot with Twilio and Stormpath in 15 Minutes (09-27-2016)
Mobile Fraud Changes Outlook for Multifactor Authentication (09-27-2016)
Google embraces the log-in, leaving cookies behind in new advertising updates (09-26-2016)
Apache Shiro Stormpath Integration 0.7.1 Released (09-22-2016)
Increased account security via OAuth 2.0 token revocation (09-21-2016)
Moving from LDAP to SAML authentication (09-21-2016)
Two-step authentication has arrived on iOS (09-19-2016)
Setting Expectations for Accessing User Data via OAuth (09-17-2016)
Tweet: A personal hackathon with the goal of demystifying #OAuth2 in a fun way! The result : OZorkAuth https://t.co/jPezy5tGsj (09-15-2016)
Intuit OAuth Server Maintenance on September 21st, 2016 ? Some Action Required (09-14-2016)
Analyzing Passwordless Connections Data: What can we learn? (09-09-2016)
Tweet: Intro to @QuickBooks Online REST #API with #OAuth1.0 by @manasmukh https://t.co/K8vxfYB6q5 #developer (09-08-2016)
Use NGINX Plus and Auth0 to Authenticate API Clients (09-08-2016)
Authenticating Users to Existing Applications with OpenIDConnect and NGINXPlus (09-07-2016)
Spring Security OAuth2 ? Client Authentication Issue (09-05-2016)
OAuth: Get Client Credentials Using Postman (09-02-2016)
About license keys (08-31-2016)
Stateless Sessions for Stateful Minds: JWTs Explained and How You Can Make The Switch (08-31-2016)
Google partners with Okta to enable secure multi-cloud deployments (08-30-2016)
Google partners with Okta to enable secure multi-cloud deployments (08-30-2016)
Okta's API access product targets the trend toward services (08-30-2016)
Login with Facebook ( In 20 lines of PHP code ) (08-28-2016)
Announcing Auth0 Guardian, Multifactor Made Easy (08-25-2016)
Here?s Exactly Why SMS Two-Factor Is Not Enough (08-25-2016)
PlayStation Network Gets Two-Factor Authentication (08-25-2016)
Authentication startup Auth0 raises $15M as it beefs up security features (08-24-2016)
Announcing Password Breach Detection for Auth0 (08-24-2016)
2-Step Verification is here! (08-22-2016)
Complete AWS IAM Reference (08-18-2016)
Using HBase to Create an Enterprise Key Service (08-18-2016)
Rackspace Cloud Identity Api 2.0 (08-17-2016)
Enhanced third-party access protection for Google Sheets (08-11-2016)
New ? Bring Your Own Keys with AWS Key Management Service (08-11-2016)
New! Import Your Own Keys into AWS Key Management Service (08-11-2016)
New feature: Assign rights by service (08-09-2016)
API Gateway Custom Authorization With Lambda, DynamoDB, and CloudFormation (08-09-2016)
Cookie Authentication and Session Management (08-09-2016)
OAuth 2.0 Token Management With Stormpath and Spring Boot (08-07-2016)
Google is trying to stop you having to put in passwords (08-06-2016)
Dashlane and Google Intro Open YOLO API for Secure Android Logins (08-05-2016)
Dashlane and Google team up for 'OpenYOLO' security project (08-04-2016)
Dashlane, Google launch ?OpenYOLO?, an API-based password project for Android apps (08-04-2016)
Google partners with Dashlane for an open-source login API (08-04-2016)
Dashlane Teases Open API for App Logins (08-04-2016)
JSON Web Tokens(JWTs) vs Sessions in Practice (08-04-2016)
NIST is No Longer Recommending Two-Factor Authentication Using SMS (08-03-2016)
Analyzing Enterprise Connections Data: What can we learn? (08-02-2016)
My Mommy Identity (08-02-2016)
Tweet: Social Security Administration now requires 2-factor SMS auth. Still easy to sign up as someone else though https://t.co/Q4SrgrtAUz (08-01-2016)
One password reset to rule them all! (07-26-2016)
Is your app ready for token revoke? (07-25-2016)
New AWS Compute Blog Post: Help Secure Container-Enabled Applications with IAM Roles for ECS Tasks (07-20-2016)
Announcing the Auth0 Partners Program (07-18-2016)
Enable Client-Side SSL Authentication of an API with the API Gateway Console (07-16-2016)
Two Factor Auth (2FA) ? List of websites and whether or not they support 2FA (07-12-2016)
Presentation: Two-factor Authentication (07-12-2016)
? Switching to Apple?s two-factor authentication (07-06-2016)
Screencast: Test OAuth2 Secured API with DHC (07-06-2016)
2-Factor Authentication Creates Trust, Security, and Competitive Advantage (07-01-2016)
Using the New Auth Component for Angular 2 With DreamFactory (06-24-2016)
Avoiding Password Reuse Attacks With Auth0 (06-23-2016)
Introducing Firebase Authentication (06-23-2016)
Creating your first Laravel app and adding authentication (06-22-2016)
Support for Universal 2nd Factor Authentication (06-22-2016)
Using the new auth component for Angular 2 (06-21-2016)
JSON Web Tokens With Spring Cloud Microservices (06-20-2016)
Adding Authentication to Your React Native App Using Json Web Tokens (06-19-2016)
Everything you need to know about 3-legged authentication and Context.IO (06-10-2016)
Firebase Authentication With the Firebase 3.0 SDK and Auth0 Integration (06-10-2016)
Slicker user authentication with Twitter Kit 2.2 (06-08-2016)
Sharing Authentication Between Socket.io and a PHP Frontend (Using JSON Web Tokens) (06-07-2016)
Visualize and Search Your Auth0 Logs Using Sumo Logic (06-07-2016)
Adding Authentication to a Native Desktop C# App with JWTs (06-06-2016)
Integrate Tyk with Auth0 (05-17-2016)
User-based Authentication with Loopback (05-17-2016)
Why Federated Identity Management Matters (05-17-2016)
OAuth2 Scope Sunset for DFP API (05-12-2016)
Using the Auth0 Postman Collections (05-12-2016)
Investing, Authentication, and a Few Bots Take the Stage at Finovate (05-11-2016)
Token Authentication: The Secret to Scalable User Management (05-11-2016)
Providing A Set Of API Keys For Developers To Test Out Different API Outcomes (05-10-2016)
?Sign-In with Slack? challenges Facebook, Twitter and Google for log-ins (05-10-2016)
Heroku Connect APIs Now GA (05-10-2016)
How to use API Connect to Manage LoopBack APIs (05-10-2016)
Introducing Improved User Search Functionality in the IAM Console (05-10-2016)
Introducing Sign in with Slack (05-10-2016)
Sign in with Slack ? Let users login to your site with Slack (05-10-2016)
Slack intros 'Sign in with Slack' to streamline app logins (05-10-2016)
Twilio Provides Test API Credentials With Magic Phone Numbers (05-09-2016)
How To Use Auth0 To Manage Your Multi-Tenancy Application (05-08-2016)
Introducing TAuth: Why OAuth 2.0 is bad for banking APIs and how we're fixing it (05-05-2016)
Connecting Slack and Salesforce (05-05-2016)
3scale Adds Stormpath Integration to Its Industry Leading API Platform (05-03-2016)
New Stormpath Integration Simplifies Adoption Of OAuth Authentication Flow (05-03-2016)
HapiJS Authentication ? Secure Your API With JWT (04-29-2016)
Slack tokens: what they are, how they?re used, and how to keep your data safe (04-29-2016)
Developer-Friendly SAML Single Sign On Support (04-28-2016)
OpenID Connect Support in Tyk Cloud is Here! (04-28-2016)
Integrating Tyk Open Source API Gateway with a Custom Identity Provider using JSON Web Tokens (04-27-2016)
Lumen And Stormpath As Your Mobile Backend (04-27-2016)
Getting Started with the Heroku Connect API (04-25-2016)
Spring OAuth2 With JWT Sample (04-25-2016)
Saying goodbye to OAuth 1.0 (04-22-2016)
Everything You Wanted to Know About OAuth 2 (But Were too Afraid to Ask) (04-20-2016)
Intermediate Delivery Reports - Make the most of 2-Factor Authentication (04-19-2016)
New ? Your User Pools for Amazon Cognito (04-19-2016)
Authentication in Golang with JWTs (04-13-2016)
Facebook launches Account Kit, a tool that lets you sign in to apps without passwords (04-12-2016)
Announcing Clearbit Connect (04-07-2016)
Integrate Auth0 Into Your Existing SaaS Tools (04-07-2016)
Token Based Authentication using Postman as Client and Web API 2 as Server (04-05-2016)
Identity and access management: Where security and operations meet (04-04-2016)
Announcing General Availability of Box KeySafe with AWS KMS (03-29-2016)
How to Detect and Automatically Revoke Unintended IAM Access with Amazon CloudWatch Events (03-29-2016)
IAM best practice guides available now (03-29-2016)
JSON Web Token in Action With JAX-RS (03-29-2016)
Social logins: What?s really at risk? (03-29-2016)
Social Login: Facebook & Google in One API Call - Stormpath User Identity API (03-28-2016)
Four Key API Management Use Cases for the Enterprise (03-28-2016)
How to Easily Identify Your Federated Users by Using AWS CloudTrail (03-28-2016)
Google Cloud Platform now offers identity and access management roles for users (03-23-2016)
One time Authentication for Public Resource (03-22-2016)
Tutorial: Build an Android Application with Secure User Authentication (03-22-2016)
Test your OAuth2 secured API using DHC (03-21-2016)
Easy Guide on how to use OAuth to Access Google APIs (03-11-2016)
Introducing Auth0 for Postman Collections (03-09-2016)
HapiJS Authentication - Secure Your API With JWT (03-07-2016)
Introducing developer API tokens (03-04-2016)
Never type the same API token twice (03-01-2016)
Extra Security with Two-factor Authentication! (02-29-2016)
A Stateless OAuth 20 Proxy for Single Page Applications (SPAs) (02-27-2016)
MasterCard unveils 'selfie' security checks, says heartbeat authentication could follow (02-23-2016)
The ultimate guide to device authentication (02-17-2016)
New AWS Partner Network Blog Post: Securely Accessing Customers' AWS Accounts with Cross-Account IAM Roles (02-17-2016)
Instagram Finally Adds Two-Factor Authentication To Fight Hackers (02-16-2016)
How to Implement Basic Search with Google Maps API (02-12-2016)
SAML SSO with GoodData (02-12-2016)
Securing Identities: Two-Factor Authentication in the Hacking Age (02-09-2016)
Fitbit OAuth Update (02-05-2016)
SAML Single Sign-on With Tomcat and PicketLink (02-02-2016)
Getting Started with SAML in PHP Applications - Stormpath User Identity API (02-01-2016)
SSO for Heroku Now Generally Available (01-26-2016)
Using Google Sign-in With Your Server (01-26-2016)
OAuth with JSON Web Tokens In .NET - Stormpath User Identity API (01-25-2016)
Google Play Games API Adjustments Ease Sign-in and Permission Requirements (01-25-2016)
How to Encrypt OAuth Tokens in 10 minutes With SecureDB (01-25-2016)
Cover yourself up! Protecting your APIs with mutual auth (01-22-2016)
Keycloak and dagger: Securing your APIs with OAuth2 (01-22-2016)
OAuth authentication on tvOS (01-20-2016)
How to Record and Govern Your IAM Resource Configurations Using AWS Config (01-19-2016)
Introducing the OAuth Technology Preview in NGINX Plus R8 (01-19-2016)
The IAM Console Now Helps Prevent You From Accidentally Deleting In-Use Resources (01-13-2016)
Google Apps + Clever Instant Login (01-12-2016)
How to Enable Web Apps for 2FA With the Nexmo Verify API (01-12-2016)
Building Simple Command Line Interfaces in Python (01-11-2016)
IETF Moves to Simplify Sharing of OAuth Tokens ? Univers Smartphone (01-08-2016)
How to use JSON Web Token (01-06-2016)
The Basics of SAML (12-17-2015)
SSO for Heroku now in Public Beta (12-16-2015)
Identity and access management for everyone (12-11-2015)
Talking to OAuth2 Services with Node.js - Stormpath User Identity API (12-10-2015)
Apply an OAuth policy on a REST API (12-09-2015)
Adding An OAuth Scope Page As One Of My API Management Building Blocks (11-04-2015)
Adding Authentication to Shiny Open Source Edition (09-24-2015)
Take control of all your IoT devices with Netvibes + SAMI (08-27-2015)
Microsoft Previews a More Unified Sign-In Approach for Applications (08-13-2015)
Using OAuth 2.0 and the Google API Client Library for Javascript with Trigger.io Forge (08-13-2015)
Twitter Improves Digits Login Tool For Devs (08-11-2015)
Ingest Profiles API Authentication (07-10-2015)
Announcing the formation of the OTTO WG (06-25-2015)
Announcing OAuth 2.0, Deprecating OAuth 1.0 (06-22-2015)
OAuth Quick Start (06-19-2015)
Forms Authentication using Web API (06-16-2015)
Two ways to create your APISpark account (06-16-2015)
The relation between OpenID Connect and OAuth 2 (06-10-2015)
Ping unveils new IAM platform enabling multifactor authentication using Apple Watch (06-09-2015)
Single Sign-On: The Enterprise Solution for Too Many Passwords (06-02-2015)
How to Implement Federated API and CLI Access Using SAML 2.0 and AD FS (05-28-2015)
Single Sign-On For Government Applications Coming in Weeks (05-23-2015)
5 Things to Consider When Using RESTful APIs and OAuth 2.0 (05-22-2015)
Amazon Releases SDKs for Login and Pay with Amazon (05-22-2015)
Introducing Digits Kit (05-20-2015)
New SDKs, Code Samples, & Docs for Login and Pay with Amazon (05-20-2015)
Meet MyUSA: Your one account for government (05-17-2015)
Announcing the Auth0 Open Source Single-Sign-On Dashboard (04-28-2015)
API Keys - SendGrid Documentation (04-27-2015)
Auth0 Europe Launches (04-27-2015)
New ? Glacier Vault Access Policies (04-27-2015)
How to Authenticate Using the Konekt REST API (04-24-2015)
A final farewell to ClientLogin, OAuth 1.0 (3LO), AuthSub, and OpenID 2.0 (04-21-2015)
Passwordless SMS Authentication Using Xamarin (04-21-2015)
Active Directory API - Gives You an Easier Way to Access Data Stored In... (04-19-2015)
Authenticating Users Through OAuth2 in Azure (04-17-2015)
Integrating Multiple Orgs using the OAuth 2.0 SAML Bearer Assertion Flow (04-15-2015)
Salesforce buys mobile authentication startup Toopher (04-01-2015)
Authentication Using JSON Web Token (03-26-2015)
Randall Degges - Why I Love Basic Auth (03-23-2015)
Google's new CAPTCHA security login raises 'legitimate privacy concerns' (GOOG) (02-20-2015)
The need for contextual information within multifactor authentication (02-19-2015)

These are curated as part of my daily work to understand what is happening across the space, and I regularly use them to track on what has occurred overtime, and include them in my guides, whitepapers, and other outputs.

Featured Authentication Companies and Organizations

These are the organizations I come across in my research who are doing interesting things in the API space. They could be companies, institutions, government agencies, or any other type of organizational entity. My goal is to aggregate so I can stay in tune with what they are up to and how it impacts the API space.


OAuth.io

Integrate 100+ OAuth providers in minutes. Setup your keys, install oauth.js, and you are ready to play !


Example

  • Products

GOV.UK Search

  • Do a search

OAuth.io Server API

  • Authorize a user
  • Check the validity of an access token and give back his permission, client_id and user_id
  • Create a client
  • Update a client
  • Remove a client by its client_id
  • Retrieves a client by its client_id
  • Retrieves all clients, and filters by user_id if given
  • Regenerate the API key's client
  • Access token retrieval (with code) or refresh (with refresh token)

Partner API v2


Quandl API


Swagger Petstore


Tenant API



AWS Config

AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. Config Rules enables you to create rules that automatically check the configuration of AWS resources recorded by AWS Config.

With AWS Config, you can discover existing and deleted AWS resources, determine your overall compliance against rules, and dive into configuration details of a resource at any point in time. These capabilities enable compliance auditing, security analysis, resource change tracking, and troubleshooting.


AWS Config API

  • Delete Config Rule
  • Delete Configuration Recorder
  • Delete Delivery Channel
  • Delete Evaluation Results
  • Deliver Config Snapshot
  • Describe Compliance By Config Rule
  • Describe Compliance By Resource
  • Describe Config Rule Evaluation Status
  • Describe Config Rules
  • Describe Configuration Recorders
  • Describe Configuration Recorder Status
  • Describe Delivery Channels
  • Describe Delivery Channel Status
  • Get Compliance Details By Config Rule
  • Get Compliance Details By Resource
  • Get Compliance Summary By Config Rule
  • Get Compliance Summary By Resource Type
  • Get Resource Config History
  • List Discovered Resources
  • Put Config Rule
  • Put Configuration Recorder
  • Put Delivery Channel
  • Put Evaluations
  • Start Config Rules Evaluation
  • Start Configuration Recorder
  • Stop Configuration Recorder


AWS Cognito

Amazon Cognito lets you easily add user sign-up and sign-in to your mobile and web apps. With Amazon Cognito, you also have the options to authenticate users through social identity providers such as Facebook, Twitter, or Amazon, with SAML identity solutions, or by using your own identity system. In addition, Amazon Cognito enables you to save data locally on users devices, allowing your applications to work even when the devices are offline. You can then synchronize data across users devices so that their app experience remains consistent regardless of the device they use. With Amazon Cognito, you can focus on creating great app experiences instead of worrying about building, securing, and scaling a solution to handle user management, authentication, and sync across devices.


AWS Cognito Merged API

  • Add Custom Attributes
  • Admin Add User To Group
  • Admin Confirm Sign Up
  • Admin Create User
  • Admin Delete User
  • Admin Delete User Attributes
  • Admin Disable User
  • Admin Enable User
  • Admin Forget Device
  • Admin Get Device
  • Admin Get User
  • Admin Initiate Auth
  • Admin List Devices
  • Admin List Groups For User
  • Admin Remove User From Group
  • Admin Reset User Password
  • Admin Respond To Auth Challenge
  • Admin Set User Settings
  • Admin Update Device Status
  • Admin Update User Attributes
  • Admin User Global Sign Out
  • Bulk Publish
  • Change Password
  • Confirm Device
  • Confirm Forgot Password
  • Confirm Sign Up
  • Create Group
  • Create Identity Pool
  • Create User Import Job
  • Create User Pool
  • Create User Pool Client
  • Delete Dataset
  • Delete Group
  • Delete Identities
  • Delete Identity Pool
  • Delete User
  • Delete User Attributes
  • Delete User Pool
  • Delete User Pool Client
  • Describe Dataset
  • Describe Identity
  • Describe Identity Pool
  • Describe Identity Pool Usage
  • Describe Identity Usage
  • Describe User Import Job
  • Describe User Pool
  • Describe User Pool Client
  • Forget Device
  • Forgot Password
  • Get Bulk Publish Details
  • Get Cognito Events
  • Get Credentials For Identity
  • Get C S V Header
  • Get Device
  • Get Group
  • Get Id
  • Get Identity Pool Configuration
  • Get Identity Pool Roles
  • Get Open Id Token
  • Get Open Id Token For Developer Identity
  • Get User
  • Get User Attribute Verification Code
  • Global Sign Out
  • Initiate Auth
  • List Datasets
  • List Devices
  • List Groups
  • List Identities
  • List Identity Pools
  • List Identity Pool Usage
  • List Records
  • List User Import Jobs
  • List User Pool Clients
  • List User Pools
  • List Users
  • List Users In Group
  • Lookup Developer Identity
  • Merge Developer Identities
  • Register Device
  • Resend Confirmation Code
  • Respond To Auth Challenge
  • Set Cognito Events
  • Set Identity Pool Configuration
  • Set Identity Pool Roles
  • Set User Settings
  • Sign Up
  • Start User Import Job
  • Stop User Import Job
  • Subscribe To Dataset
  • Unlink Developer Identity
  • Unlink Identity
  • Unsubscribe From Dataset
  • Update Device Status
  • Update Group
  • Update Identity Pool
  • Update Records
  • Update User Attributes
  • Update User Pool
  • Update User Pool Client
  • Verify User Attribute


AWS Directory Service

AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also known as AWS Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud. The Microsoft AD service is built on actual Microsoft Active Directory and does not require you to synchronize or replicate data from your existing Active Directory to the cloud. You can use standard Active Directory administration tools and take advantage of built-in Active Directory features such as Group Policy, trusts, and single sign-on. With Microsoft AD, you can easily join Amazon EC2 and Amazon RDS for SQL Server instances to a domain, and use AWS Enterprise IT applications such as Amazon WorkSpaces with Active Directory users and groups.


AWS Directory Service API

  • Add Ip Routes
  • Add Tags To Resource
  • Cancel Schema Extension
  • Connect Directory
  • Create Alias
  • Create Computer
  • Create Conditional Forwarder
  • Create Directory
  • Create Microsoft A D
  • Create Snapshot
  • Create Trust
  • Delete Conditional Forwarder
  • Delete Directory
  • Delete Snapshot
  • Delete Trust
  • Deregister Event Topic
  • Describe Conditional Forwarders
  • Describe Directories
  • Describe Event Topics
  • Describe Snapshots
  • Describe Trusts
  • Disable Radius
  • Disable Sso
  • Enable Radius
  • Enable Sso
  • Get Directory Limits
  • Get Snapshot Limits
  • List Ip Routes
  • List Schema Extensions
  • List Tags For Resource
  • Register Event Topic
  • Remove Ip Routes
  • Remove Tags From Resource
  • Restore From Snapshot
  • Start Schema Extension
  • Update Conditional Forwarder
  • Update Radius
  • Verify Trust


AWS Identity and Access Management

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. 

IAM is a feature of your AWS account offered at no additional charge. You will be charged only for use of other AWS services by your users.

To get started using IAM, or if you have already registered with AWS, go to the AWS Management Console and get started with these IAM Best Practices.


AWS Identity and Access Management API

  • Add Client I D To Open I D Connect Provider
  • Add Role To Instance Profile
  • Add User To Group
  • Attach Group Policy
  • Attach Role Policy
  • Attach User Policy
  • Change Password
  • Create Access Key
  • Create Account Alias
  • Create Group
  • Create Instance Profile
  • Create Login Profile
  • Create Open I D Connect Provider
  • Create Policy
  • Create Policy Version
  • Create Role
  • Create S A M L Provider
  • Create Service Specific Credential
  • Create User
  • Create Virtual M F A Device
  • Deactivate M F A Device
  • Delete Access Key
  • Delete Account Alias
  • Delete Account Password Policy
  • Delete Group
  • Delete Group Policy
  • Delete Instance Profile
  • Delete Login Profile
  • Delete Open I D Connect Provider
  • Delete Policy
  • Delete Policy Version
  • Delete Role
  • Delete Role Policy
  • Delete S A M L Provider
  • Delete Server Certificate
  • Delete Service Specific Credential
  • Delete Signing Certificate
  • Delete S S H Public Key
  • Delete User
  • Delete User Policy
  • Delete Virtual M F A Device
  • Detach Group Policy
  • Detach Role Policy
  • Detach User Policy
  • Enable M F A Device
  • Generate Credential Report
  • Get Access Key Last Used
  • Get Account Authorization Details
  • Get Account Password Policy
  • Get Account Summary
  • Get Context Keys For Custom Policy
  • Get Context Keys For Principal Policy
  • Get Credential Report
  • Get Group
  • Get Group Policy
  • Get Instance Profile
  • Get Login Profile
  • Get Open I D Connect Provider
  • Get Policy
  • Get Policy Version
  • Get Role
  • Get Role Policy
  • Get S A M L Provider
  • Get Server Certificate
  • Get S S H Public Key
  • Get User
  • Get User Policy
  • List Access Keys
  • List Account Aliases
  • List Attached Group Policies
  • List Attached Role Policies
  • List Attached User Policies
  • List Entities For Policy
  • List Group Policies
  • List Groups
  • List Groups For User
  • List Instance Profiles
  • List Instance Profiles For Role
  • List M F A Devices
  • List Open I D Connect Providers
  • List Policies
  • List Policy Versions
  • List Role Policies
  • List Roles
  • List S A M L Providers
  • List Server Certificates
  • List Service Specific Credentials
  • List Signing Certificates
  • List S S H Public Keys
  • List User Policies
  • List Users
  • List Virtual M F A Devices
  • Put Group Policy
  • Put Role Policy
  • Put User Policy
  • Remove Client I D From Open I D Connect Provider
  • Remove Role From Instance Profile
  • Remove User From Group
  • Reset Service Specific Credential
  • Resync M F A Device
  • Set Default Policy Version
  • Simulate Custom Policy
  • Simulate Principal Policy
  • Update Access Key
  • Update Account Password Policy
  • Update Assume Role Policy
  • Update Group
  • Update Login Profile
  • Update Open I D Connect Provider Thumbprint
  • Update S A M L Provider
  • Update Server Certificate
  • Update Service Specific Credential
  • Update Signing Certificate
  • Update S S H Public Key
  • Update User
  • Upload Server Certificate
  • Upload Signing Certificate
  • Upload S S H Public Key


AWS Security Token Service

The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users).


AWS Security Token Service API

  • Assume Role
  • Assume Role With S A M L
  • Assume Role With Web Identity
  • Decode Authorization Message
  • Get Caller Identity
  • Get Federation Token
  • Get Session Token


Azure Key Vault

Azure Key Vault offers an easy, cost-effective way to safeguard keys and other secrets in the cloud by using hardware security modules (HSMs). Protect cryptographic keys and small secrets like passwords with keys stored in HSMs. For added assurance, import or generate your keys in HSMs that are certified to FIPS 140-2 level 2 and Common Criteria EAL4+ standards, so that your keys stay within the HSM boundary. Key Vault is designed so that Microsoft does not see or extract your keys. Create new keys for Dev-Test in minutes and migrate seamlessly to production keys managed by security operations. Key Vault scales to meet the demands of your cloud applications without the hassle required to provision, deploy, and manage HSMs and key management software.


KeyVaultManagementClient

  • Vaults List By Resource Group
  • Vaults Create Or Update
  • Vaults Delete
  • Vaults Get
  • Vaults List


Authy

Two-factor authentication (2FA) adds an additional layer of protection beyond passwords. Download our free app today and follow our easy to use guides to protect your accounts and personal information.



Auth0

The new way to solve Identity


Auth0 API

  • Get Blacklists Tokens
  • Post Blacklists Tokens
  • Get Clients
  • Post Clients
  • Delete Clients
  • Get Clients
  • Patch Clients
  • Post Jobs Users Imports
  • Get Jobs Job
  • Get Stats Active Users
  • Get Stats Daily
  • Delete Users
  • Get Users
  • Post Users
  • Delete Users
  • Get Users
  • Patch Users
  • Delete Users Multifactor Prover

management.auth0.com

  • Create a client grant
  • Get all client grants
  • Create a client
  • Get all clients
  • Delete the email provider
  • Get the email provider
  • Update the email provider
  • Search log events
  • Get a log event by id
  • Create an email verification ticket
  • Create a user
  • List or search users


OpenUMA

At ForgeRock we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries.



Google Cloud Key Management Service

Cloud KMS is a cloud-hosted key management service that lets you manage encryption for your cloud services the same way you do on-premises. You can generate, use, rotate and destroy AES256 encryption keys. Cloud KMS is integrated with IAM and Cloud Audit Logging so that you can manage permissions on individual keys, and monitor how these are used. Use Cloud KMS to protect secrets and other sensitive data which you need to store in Google Cloud Platform.


Google Cloud Key Management Service (KMS)

  • Get Key
  • Update Key
  • Get Locations
  • Decrypt Data
  • Destroy Key
  • Encrypt Data
  • Restore Key
  • Update Version
  • Create Key
  • List Keys
  • Create Key Version
  • List Key Versions
  • Create Key Ring
  • List Key Rings
  • Get IAM Policy
  • Set IAM Policy
  • Test IAM Permissions


Google Cloud User Accounts

Service for managing the global Google Cloud user accounts. This API reference is organized by resource type. Each resource type has one or more data representations and one or more methods.


Cloud User Accounts

  • Create Group
  • Get Groups
  • Delete Group
  • Get Group
  • Add User To Group
  • Remove Use From Group
  • Get IAM Policy
  • Set IAM Policy
  • Test IAM Permissions
  • Get Operations
  • Delete Operation
  • Get Operation
  • Create User
  • Get Users
  • Get User IAM Policy
  • Set User IAM Policy
  • Test User IAM Permissions
  • Delete User
  • Get User
  • Add Public Key
  • Remove Public Key
  • Get Public Keys
  • Get Linux Account Views


Google Cloud Identity Access Management

Google Cloud Identity & Access Management (IAM) lets administrators authorize who can take action on specific resources, giving you full control and visibility to manage cloud resources centrally. For established enterprises with complex organizational structures, hundreds of workgroups and potentially many more projects, Cloud IAM provides a unified view into security policy across your entire organization, with built-in auditing to ease compliance processes.


Google Identity and Access Management (IAM)

  • Query Roles
  • Delete Service Account Key
  • Get Service Account Key
  • Update Service Account Key
  • Create Service Account Key
  • Get Service Account Keys
  • Create Service Account
  • Get Service Accounts
  • Sign Blob
  • Sign JWT
  • Return IAM Access Control Policy
  • Set IAM Access Control Policy
  • Tests Permissions


Google OAuth2

Google APIs use the OAuth 2.0 protocol for authentication and authorization. Google supports common OAuth 2.0 scenarios such as those for web server, installed, and client-side applications. To begin, obtain OAuth 2.0 client credentials from the Google API Console. Then your client application requests an access token from the Google Authorization Server, extracts a token from the response, and sends the token to the Google API that you want to access. For an interactive demonstration of using OAuth 2.0 with Google (including the option to use your own client credentials), experiment with the OAuth 2.0 Playground.


Google OAuth2

  • Get Certificate
  • Get Token Info
  • Get User Info
  • Get Me

Other Authentication Companies and Organizations

These are additional companies who have APIs, but do not have as much detaila nd resources available to rank with the others.

Duo Security - Duo???s Trusted Access platform verifies the identity of your users with two-factor authentication and security health of their devices before they connect to the apps you want them to access.
Gigya - Identify, engage & build single customer views to create relevant, personalized experiences. Designed to meet privacy, compliance & security best practices.
Janrain - The Janrain User Management Platform (JUMP) helps organizations succeed on the social web by providing leading technology to leverage the popularity of social networks and identities for user acquisition, engagement, and enhanced customer intelligence. Our solutions, including social login, social sharing, social profile data collection and storage, access to the social graph, game mechanics, and digital strategy services, improve the effectiveness of online marketing initiatives for leading brands like Fox, Universal Music Group, Whole Foods, MTV, Purina, Avis and Dr Pepper.
LoginRadius - Simplify customer authentication and authorization to amplify your business with better understanding of your audience using our customer identity management
Okta - Provide secure identity management and single sign-on to any application, whether in the cloud, on-premises or on a mobile device for your employees, partners and customers with Okta.
Gluu - Gluu allows Organizations to safely manage identity security. Gluu supports SAML2.0, OpenID Content, idp shibboleth, idp saml, open source sso, active directory saml. Free Trial Available.
LoginTC - The Best Solution for Two Factor Authentication. The most simple and secure way to protect company logins from account takeovers and data theft.
Bearer - The ultimate technology to build plugn play, reusable API Integrations, helping developers & companies get the most of APIs.
miiCard - miiCard (My Internet Identity) is a global Identity as a Service solution that proves  ‘you are who you say you are’,  purely online, in minutes and to the same level as a physical passport or photo ID check.  Through a patented process that leverages the trust between an individual and their financial institution, miiCard establishes identity to Level of Assurance 3+ and meets Know Your Customer and Anti-Money Laundering identity guidelines, enabling the sale of regulated products and services purely online.  Combining online identity proofing with strong authentication, miiCard provides the trust and security required for people and businesses to meet and transact with confidence in a purely digital environment.
Gravitee IO - Gravitee.io is a flexible, lightweight and blazing-fast open source API Management solution that helps your organization control finely who, when and how users access your APIs.
Authentiq Connect - Authentiq offers the convenience of passwordless authentication with the safety of two step verification. Sign up for Authentiq today, and never think about authentication again.
Centrify - Centrify delivers Zero Trust Security through the power of Next-Gen Access. Secure access to apps, endpoints & infrastructure. Click for a FREE Trial!
Authenticating.comâ„¢ - Authenticating as a Service for peer-to-peer exchanges, two sided marketplaces, social networks and other transactional apps, sites and services worldwide.
PassDefense -

Authentication Tooling

These are the open source tooling that I come across in my research who are doing interesting things in the API space. They could be companies, institutions, government agencies, or any other type of tool_anizational entity. My goal is to aggregate so I can stay in tune with what they are up to and how it impacts the API space.