License: MIT

API Security in Action

This repository contains source code that accompanies the book API Security in Action, written by Neil Madden and published by Manning Publications in November 2020. Please see Manning's website for information on purchasing a copy, or it is available from Amazon and other retailers.

Note: there is no source code on the main branch. You need to check out the branch for the chapter you are reading.

The git repo is organized with separate branches for each chapter, starting with Chapter 2. There are two branches per chapter. The branches called "chapter02", "chapter03" etc. give you the source code as it should be when starting the given chapter. The branches named "chapter02-end", "chapter03-end" etc. give the final source code after all the alterations made in that chapter. Typically the source code at the end of a chapter is identical to the starting code of the next chapter.

I strongly recommend working through the code listings from the book.

The source code can also be downloaded as a zip file from Manning's website.

Prerequisites

The following are needed to run the code examples:

  • Java 11 or later. See https://adoptopenjdk.net for installers.
  • A recent version of Apache Maven - I use 3.6.1.
  • For testing, curl. On Mac OS X you should install a version of curl linked against OpenSSL rather than Secure Transport, otherwise you may need to adjust the examples in the book.
  • I highly recommend installing mkcert for working with SSL certificates from chapter 3 onwards.
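The prerequisites above are easy to get slightly wrong (a pre-11 JDK still on the PATH, or the macOS system curl that is linked against Secure Transport). The following POSIX shell script, an added example that is not part of the book's repository, checks them. It parses the banners printed by `java -version` and `curl --version`, so the parsing functions can be exercised on constructed banner text without the tools installed; the function names and the `--run` flag are this example's own conventions.

```shell
#!/bin/sh
# Prerequisite check for the API Security in Action examples (added example,
# not from the book's repository). Assumes java, mvn and curl are on PATH;
# mkcert is optional and only warned about.

# Return 0 if a "java -version" banner (passed as $1) reports major version >= 11.
# Banners look like: openjdk version "11.0.2" 2019-01-15  or  java version "1.8.0_202"
java_is_11_or_later() {
  ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
  [ -n "$ver" ] || return 1
  major=${ver%%.*}
  # Pre-9 JDKs report "1.8.0_x": the real major is the second component.
  if [ "$major" = "1" ]; then
    rest=${ver#1.}
    major=${rest%%.*}
  fi
  # Strip any non-digit suffix such as "17-ea".
  major=$(printf '%s' "$major" | sed 's/[^0-9].*//')
  [ -n "$major" ] && [ "$major" -ge 11 ]
}

# Return 0 if a "curl --version" banner (passed as $1) describes a build linked
# against OpenSSL rather than Apple's Secure Transport. Accepting the OpenSSL
# forks LibreSSL and BoringSSL is this example's assumption; a macOS banner that
# lists "(SecureTransport)" alongside LibreSSL is rejected because Secure
# Transport is the default backend there.
curl_uses_openssl() {
  case "$1" in
    *SecureTransport*) return 1 ;;
    *OpenSSL*|*LibreSSL*|*BoringSSL*) return 0 ;;
    *) return 1 ;;
  esac
}

# Run all checks against the installed tools; returns 1 if a hard requirement fails.
check_prerequisites() {
  status=0
  if command -v java >/dev/null 2>&1 && java_is_11_or_later "$(java -version 2>&1)"; then
    echo "ok   java 11 or later"
  else
    echo "FAIL java 11 or later not found on PATH"; status=1
  fi
  if command -v mvn >/dev/null 2>&1; then
    echo "ok   $(mvn -v 2>/dev/null | head -n 1)"
  else
    echo "FAIL mvn (Apache Maven) not found on PATH"; status=1
  fi
  if command -v curl >/dev/null 2>&1 && curl_uses_openssl "$(curl --version 2>/dev/null)"; then
    echo "ok   curl linked against OpenSSL"
  else
    echo "WARN curl missing or not linked against OpenSSL; book examples may need adjusting"
  fi
  if command -v mkcert >/dev/null 2>&1; then
    echo "ok   mkcert"
  else
    echo "WARN mkcert not installed (recommended from chapter 3 onwards)"
  fi
  return $status
}

# Only run the live checks when invoked as: sh check-prereqs.sh --run
if [ "${1:-}" = "--run" ]; then
  check_prerequisites
fi
```

Save it as `check-prereqs.sh` and run `sh check-prereqs.sh --run`; a non-zero exit status means Java or Maven is missing, while the curl and mkcert lines are warnings only.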

The API server for each chapter can be started using the command

mvn clean compile exec:java

This will start the Spark/Jetty server running on port 4567. See chapter descriptions for HTTP requests that can be used.

Chapters 10 onwards have more detailed requirements for running the sample code. Please consult the book for exact instructions.

Postman

I've created a Postman collection to help you perform operations using the API developed during the book, as an alternative to curl. You can import the collection from this URL: https://www.postman.com/collections/ef49c7f5cba0737ecdfd

Chapters

  • Chapter 2 - Secure API development
  • Chapter 3 - Securing the Natter API
  • Chapter 4 - Session cookie authentication
  • Chapter 5 - Modern token-based authentication
  • Chapter 6 - Self-contained tokens and JWTs
  • Chapter 7 - OAuth 2 and OpenID Connect
  • Chapter 8 - Identity-based access control
  • Chapter 9 - Capability security and Macaroons
  • Chapter 10 - Microservice APIs in Kubernetes
  • Chapter 11 - Securing service to service APIs
  • Chapter 12 - Securing IoT communications
  • Chapter 13 - Securing IoT APIs