Manning Publications API Security in Action

It's well laid out and easy to get to the subject matter that fills in blank spaces in my knowledge of the subject.

似たような書名の類書は何冊か存在しますが、基本的にAPIのアクセスコントロールの話だけとか認可と認証の話だけとかで内容が偏っている本が多いので、この本は内容が偏ってないし(まだ読んでないし読む暇もなさそうですが)分かりやすそうなので良い本だと思います。とはいえ昨今の円安もあってかなり高価で、また当然英語なので邦訳の出版を希望致します。

Der Umfang und Inhalt des Buches sind ok. Alle wichtigen Aspekte um APIs abzusichern werden behandelt, mitunter sogar sehr ausführlich. Aber: der vorgestellte Code dazu (eine Natter-API) sind einfach grausam. Da stehen einem erfahrenen Java-Entwickler die Haare zu Berge. Zudem wird eine kostenpflichtige Access Management Software beworben (Forgerock). Ein Keycloak hätte es auch getan. Daher nur 3 Sterne.

This book is outstanding. My brain is spinning as I attempt to summarize everything it covers - so I won't even try. I'll just say that if you're working on the technical implementation of a networked client or server (or both) involving an API and authentication, authorization, encryption, or identity, you should most definitely read this book. It's just overflowing with expert advice and information. Most valuable of all - it explains many of the network attacks on APIs that are out there today, how incorrect implementations are vulnerable to them, and then how to properly mitigate them for your own implementation (in both theory and practice).NOTE: All the sample code in the book is done in Java, but if you can understand OOP in general it shouldn't be too difficult to imagine how you can port the same principles and techniques to other languages.

Incredibly detailed and modern approach to all things API security design. This is an industry reference that you will refer back to time and time again when designing anything from OAuth2 and CORS to MTLS, session management and IoT infrastructures. Super detailed, with expert code snippets and how-to's. Every time you pick this up you will learn something new.