Great to be able to talk to Randall Degges, Head of Developer Advocacy, and Keith Casey, API Problem Solver at Okta during Oktane18 about their new book on API Security.

As part of Okta's commitment to making developers' lives easier, they wrote this book because we're now living in an API-first world and API security is not well understood — for applications or IoT devices. 

IoT devices need to authenticate securely to another device before they begin transmitting data.

API Security provides everything a developer needs to know to develop API security. Standards are provided as are core protocols for authentication and authorization.

It is incumbent on today's API builders to be smart, informed, and proactive. Do this by focusing on best practices and keep looking for new ones. Implement modern approaches that have been proven successful in real, practical experience.

Topics in the book include:

• Transport Layer Security

• DOS Mitigation Strategies

• Sanitizing Data

• Managing API Credentials

• Authentication

• Authorization

• API Gateways

Developers will learn how Transport Layer Security protects data in transit, the different kinds of DOS attacks and strategies to mitigate them, and some of the pitfalls when trying to sanitize data. The book also provides best practices for managing API credentials, the core differences between authentication and authorization, and the best ways to handle each, as well as the role of API gateways.

Developers and everyone in an organization need to understand that API and application security are completely different. This is generally useful to the developer community.

The API and developer team at Okta are trying to make the world safer for people building applications. Click here for a link to the book.