How to design secure web API access for your website? When we open web API access to users, we need to make sure each API call is authenticated. This means the user must be who they claim to be. In this post, we explore two common ways: 1. Token based authentication
How to design a secure web API access for your website?
What are some of the relative benefits / limitations of each approach and what use cases do they cover?
Along with API authentication, it also need to mention request throttling for security purposes (avoiding ddos attacks)