Building a Secure API - Introduction (Part 1)
API security doesn't have to be confusing if you build it in from the start.
Building a secure API doesn't have to be difficult if you build it that way from the start. This course will guide you through the creation of a simple REST API that could be used for a new application or to add on to an existing one. Secure thinking is an important part of any development. Join me as I introduce you to some of the basic concepts around the API including:
- Revokable API keys
- HMAC hashing for message integrity
- Working with middleware
- Defining the login flow
Tools that will be used in the series are also introduced along with basic examples of them in use including Phinx and Eloquent for database handling and the Slim Framework for request/response handling.
For the last 12+ years, Chris has been involved in the PHP community in one way or another. These days he's the Senior Editor of PHPDeveloper.org, lead author for Websec.io, a site dedicated to teaching developers about security, and the Securing PHP project. He's also written for several PHP publications and has spoken at conferences in both the U.S. and Europe on security-related topics. He's also an organizer of the Dallas PHP User Group and the Lone Star PHP Conference and works as an Application Security Engineer for Duo Security.