OWASP API security – 5: Broken function level authorization
BFLA can occur when client requests are authorised incorrectly, allowing clients access to levels of resources they shouldn’t have.
OWASP API security – 4: Lack of resources & rate limiting
When APIs face excessive requests, service availability, performance, & security suffer. Explore OWASP rate limiting.
OWASP API security – 3: Excessive data exposure
Protect your API from excessive data exposure by structuring responses so that sensitive data is either not returned or is redacted. Read our guide!
OWASP API security – 2: Broken user authentication
This post on broken user authentication is dedicated to identifying, rating and highlighting vulnerabilities associated with the ability to correctly authenticate users.
OWASP API security – 1: Broken object level authorization
In this introductory blog on API security, we’ll be exploring how to avoid broken object level authorization (BOLA) in your APIs.
OWASP API security – Intro
This is the first in a series of blog posts which looks at the OWASP API Security top 10 threats in the context of API Management. Read our guide!
APIM architectural and deployment patterns 101
Looking at different architectural deployment patterns for API Management and assessing the merits of each, along with any potential drawbacks.
Full lifecycle API management for Kubernetes, courtesy of Tyk Operator
Kubernetes is simple, powerful, and flexible; the platform by which all container orchestration frameworks are measured. See how Tyk can help.
OAuth2 Token Exchange RFC8693
OAuth2 Token Exchange (RFC8693) is a delegation protocol which allows an API Gateway to authenticate with an upstream.
GraphQL performance testing manual
When building a web or mobile application, it’s important to decide what technology to use to build your APIs. Learn more about GraphQL!