For developers with intermediate Java knowledge and experience building RESTful APIs. API Security in Action shows you how to create secure web APIs that you can confidently share with your business partners and expose for public usage. Security expert Neil Madden takes you under the hood of modern API security concepts, including token-based authentication for flexible multi-user security, bootstrapping a secure environment in a Kubernetes microservices architecture, and using lightweight cryptography to secure an IoT device. Chapter-by-chapter, you'll build new layers of security onto a basic social network API, mastering techniques to protect against increasingly complex threat models and hostile environments. When you're done, you'll have the practical skills to design and implement APIs that are safe from most common attacks and are ready for the threats of tomorrow. The main API security controls: authentication, authorization, audit logging, rate limiting, and encryption Token-based authentication in web browsers and mobile clients Cloud Key Management Services in a Kubernetes environment Delegated authorization using OAuth 2.0