Codit / practical-api-guidelines

Practical guidelines for building & designing APIs with .NET.
MIT License

Add security guidelines #129

Closed gverstraete closed 4 years ago

gverstraete commented 5 years ago

This PR contains a new guideline concerning API Security in the aspects discussed in the task.

MassimoC commented 5 years ago

This page should be linked from the /maturity-level-two/README.md where there is a summary of the security overview with something like... Always secure API

gverstraete commented 5 years ago

> This page should be linked from the /maturity-level-two/README.md where there is a summary of the security overview with something like... Always secure API

  • OAuth2 if idp is available
  • ServicePrincipals for service to service (e.g. MSI )
  • API Key as fallback?

@MassimoC , isn't that what is in the document?
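One way the three options in that list could be wired into a single ASP.NET Core service, added here as an illustration and not code from this PR or the repository; it assumes .NET 8, the Microsoft.AspNetCore.Authentication.JwtBearer package, placeholder authority and audience values, and a hypothetical `ApiKey` configuration setting:

```csharp
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Text.Encodings.Web;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Options;

var builder = WebApplication.CreateBuilder(args);

// OAuth2/OIDC bearer tokens from the IdP. One validation path covers interactive users
// and service principals (e.g. a managed identity): both get tokens from the same
// authority for the same audience. Authority and audience are placeholders.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o =>
    {
        o.Authority = "https://login.example.test/<tenant-id>/v2.0"; // placeholder
        o.Audience = "api://<api-client-id>";                         // placeholder
    })
    // API key only as a fallback for clients that cannot obtain a token.
    .AddScheme<AuthenticationSchemeOptions, ApiKeyHandler>("ApiKey", null);

builder.Services.AddAuthorization(o =>
{
    // Either scheme may authenticate the caller; the fallback policy makes every
    // endpoint require an authenticated caller unless it explicitly allows anonymous.
    o.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme, "ApiKey")
        .RequireAuthenticatedUser().Build();
    o.FallbackPolicy = o.DefaultPolicy;
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/orders", (ClaimsPrincipal user) => $"Hello {user.Identity?.Name}");
app.Run();

// Fallback scheme: compares X-Api-Key in constant time against the key held in
// configuration (hypothetical setting "ApiKey", expected to come from a secret store).
sealed class ApiKeyHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
    ILoggerFactory logger, UrlEncoder encoder, IConfiguration config)
    : AuthenticationHandler<AuthenticationSchemeOptions>(options, logger, encoder)
{
    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        if (!Request.Headers.TryGetValue("X-Api-Key", out var supplied) || config["ApiKey"] is not { } expected)
            return Task.FromResult(AuthenticateResult.NoResult()); // no key presented: let the bearer scheme decide
        if (!CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(supplied.ToString()), Encoding.UTF8.GetBytes(expected)))
            return Task.FromResult(AuthenticateResult.Fail("Invalid API key"));
        var identity = new ClaimsIdentity([new Claim(ClaimTypes.Name, "api-key-client")], Scheme.Name);
        return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(identity), Scheme.Name)));
    }
}
```

Because the API-key handler returns NoResult when no header is present, a caller carrying a valid bearer token is never blocked by the fallback scheme, and the fallback policy keeps unauthenticated access from being the accidental default.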

tomkerkhove commented 5 years ago

> This page should be linked from the /maturity-level-two/README.md where there is a summary of the security overview with something like... Always secure API
>
>   • OAuth2 if idp is available
>   • ServicePrincipals for service to service (e.g. MSI )
>   • API Key as fallback?
>
> @MassimoC , isn't that what is in the document?

I think his question was to get a small summary of what is being covered so people can get the gist of it when they are skimming the general level 2 docs.

Similar to this: [image]

tomkerkhove commented 5 years ago

Pinging @ToonVanhoutte as he might have input as well

tomkerkhove commented 5 years ago

@MassimoC @gverstraete I think we should be a bit more clear when to use what, and what should be part of maturity level II and what in III.