OAuth 2.0 and API Authorization

Modern applications are often designed around APIs. APIs enable applications to reuse logic and take advantage of innovative services. APIs provide access to valuable data or services, but they typically need to restrict API access to authorized parties. Applications therefore need authorization to call APIs. If an application wants to call an API on a user’s behalf to access resources owned by the user, it needs the user’s consent. In the past, a user often had to share their credentials with the application to enable such an API call on their behalf. This gave the application an unnecessary amount of access, not to mention the responsibility of safeguarding the credential! In this chapter, we will cover how the OAuth 2.0 framework provides a better solution for authorizing applications to call APIs.