Azure API Management’s default security mechanism is built on top of subscriptions. Whilst this is a very simple way to protect your APIs, it’s often not secure enough. Many scenarios require the APIs to be protected with OAuth2, which is perfectly...
The weakest link in security is the human element. This statement is regularly confirmed when we set up OAuth2 or OpenID Connect at a customer. This blog explains the security issue and how you can overcome it with very little effort. The problem In...
What a long blog title 🙂 Today, I’ve encountered an issue while using the validate-jwt policy in Azure API Management. Let’s have a look at it and let me explain how I worked around it. The scenario For a proof of concept, I had to integrate Azure API...