Why companies gamble on user data privacy
Despite GDPR, we still hear about embarrassing data leaks, often at big tech companies. What is so difficult about protecting your users' data? Turns out, it's just business...
So you want to build your own authorization?
When writing new software, it's hard to notice complexity creeping in. Authorization is one of the aspects where things start deceptively simple and before you notice, you end up in a zoombombing scandal.
To authenticate or to authorize - what is the difference?
Authentication vs authorization - which one is which? Even experienced software developers confuse the two. Let’s make it crystal clear once and for all - what is the difference and why it matters.
How to pick the best auth solution
Finding an auth provider that suits your needs is tricky. Product pages are loaded with SEO keywords that mean little in practice. Comparison websites can't distinguish between authentication and authorization. Let me help.
Breach - Enabling emergency data protection
In the wake of the unauthorized access to the US Capitol building, this data security case study takes the opportunity to reexamine best practices.
Zoombombing - a case study of data protection
Zoombombing is a relatively recent phenomenon, although underlying causes aren't new. In this case study, I take a look at what went wrong and how a company can protect itself from similar issues.
Getting started with Authress
All you need to start using Authress, explained step by step.
Authress API - billing, caching, and rate limiting
Details on billing scenarios, response caching, and route rate limiting for the Authress API.
Choosing the right error code 401, 403, or 404
Here we’ll break down the most common HTTP error responses used for the purposes of API security.
How to secure a multitenant application architecture
Get help creating an application where multiple users share one account.
Choosing the best access control strategy
A comparison of different access control strategies such as role-based access control (RBAC) and others, using a simple document repository as an example.
Magic links and Passwordless login
Making user signup and login easy is critical to having a successful app. Magic links and passwordless login help, but they can create many problems in the longer term, and not ones with easy solutions.
Validating JWTs in Web APIs
Securing a web application or API requires actually validating the access token that is being used. When using JWTs, there are two mechanisms for doing this.
Setup user authentication with any identity provider
Integrating identity providers such as Google into your web application can be challenging; here's a quick start for any site.
API Authentication - Creating service client API keys
Learn how to create authentication for any application API. Create service client API keys and convert them to secure JWTs for consistent authentication across services.