Backend Jul 2, 2026 6 min read
API Authentication Best Practices
Learn API authentication best practices, including tokens, API keys, OAuth, mTLS, sessions, gateways, rotation, scopes, errors, and logging.
Tag
19 articles with this tag.
Backend Jul 2, 2026 6 min read
Learn API authentication best practices, including tokens, API keys, OAuth, mTLS, sessions, gateways, rotation, scopes, errors, and logging.
Backend Jul 2, 2026 6 min read
Compare cookie and token authentication for backend apps, including sessions, JWTs, CSRF, XSS, storage, CORS, mobile clients, and API tradeoffs.
Backend Jul 2, 2026 5 min read
Use this backend cookie security checklist for HttpOnly, Secure, SameSite, CSRF, session rotation, prefixes, expiration, domains, and testing.
Backend Jul 2, 2026 5 min read
Learn the OAuth client credentials flow for service-to-service APIs, including clients, secrets, scopes, tokens, rotation, and security risks.
Backend Jul 2, 2026 4 min read
Learn OAuth scopes for backend APIs, including permissions, consent, least privilege, access tokens, naming, validation, and common mistakes.
Backend Jul 2, 2026 5 min read
Learn service accounts for backend systems, including machine identity, API access, least privilege, secrets, rotation, audit logs, and risks.
Backend Jun 30, 2026 5 min read
Compare API keys and OAuth tokens for backend APIs, including identity, scopes, rotation, expiration, user context, service access, and security tradeoffs.
Backend Jun 30, 2026 5 min read
Learn how multi-factor authentication works in web apps, including TOTP, WebAuthn, backup codes, recovery flows, step-up checks, and backend tradeoffs.
Backend Jun 30, 2026 5 min read
Learn password hashing basics for backend systems, including salts, slow hashes, peppers, verification, resets, storage risks, and common mistakes.
Backend Jun 30, 2026 5 min read
Learn how refresh token rotation works, why reuse detection matters, and how backend teams can design safer token refresh, logout, and revocation flows.
Backend Jun 30, 2026 5 min read
Learn how SameSite cookies affect browser authentication, CSRF risk, cross-site requests, OAuth redirects, iframes, and backend cookie design.
Backend Jun 30, 2026 4 min read
Learn what session fixation is, how it affects web authentication, why session rotation matters, and how backend teams can prevent it.
Backend Jun 29, 2026 4 min read
Compare authentication and authorization in backend systems, including identity checks, permissions, roles, scopes, sessions, tokens, and API enforcement.
Backend Jun 29, 2026 4 min read
Learn common JWT claims for backend authentication, including sub, iss, aud, exp, nbf, iat, jti, scopes, roles, tenant context, and validation mistakes.
Backend Jun 29, 2026 5 min read
Compare OAuth 2.0 and OpenID Connect for backend developers, including authorization, login, ID tokens, access tokens, scopes, and common mistakes.
Backend May 3, 2026 7 min read
Compare CSRF and XSS attacks for backend developers, including how they work, why cookies and tokens matter, and practical defenses.
Backend Apr 19, 2026 6 min read
A backend-focused OAuth 2.0 guide covering roles, authorization code flow, PKCE, scopes, tokens, client credentials, and common mistakes.
Backend Apr 12, 2026 6 min read
Compare access tokens and refresh tokens in backend authentication, including lifetime, storage, rotation, revocation, and security tradeoffs.
Backend Jan 28, 2026 5 min read
Understand JWT and server-side session authentication, including storage, revocation, scaling, security risks, and common backend use cases.