Articles and blogs

My article has been published on the New Stack. You can read all about Identity Distribution and its role in API Security: https://thenewstack.io/identity-distribution-is-essential-for-modern-api-s...
JWTs are secure only if used correctly. I created a course on JWT best practices. This will help you understand how to work with JWTs to maintain the best levels of security. Have a look at the fre...
I've written an article for the IT Chronicles website about the importance of identity in API Security. You can read it here: https://itchronicles.com/uncategorized/understanding-the-role-of-identi...
I wrote a blog post about the pros and cons of Client-Initiated Backchannel Authentication. Have a look at it here: https://curity.io/blog/whats-the-deal-with-ciba/
I wrote an article about passwordless and browserless login experiences. Read it here: https://thenewstack.io/say-goodbye-to-browsers-and-passwords/
I wrote an article for the Nordic APIs website about strategies for integrating OAuth with API gateways. If you want to learn when to use the Phantom Token approach, when to use the Split Token app...
I wrote a blog post about securing complex API ecosystems. Read about token sharing, embedding, and exchanging here: https://curity.io/blog/3-solutions-for-securing-complex-api-ecosystems/
I wrote a blog post about managing claims in tokens. An important thing to remember — the token's content is a contract, though its parties vary depending on the token type. You can read the full p...
I wrote an article about bringing financial-grade security to any API and it's now live on Nordic APIs: https://nordicapis.com/how-to-bring-financial-grade-security-to-apis/
I wrote a blog post about the difference between Phantom and Split Token approaches. If you deal with access tokens in APIs, especially JWTs, then it should be of interest to you: https://curity.io/...
I got to learn about Subject Alternative Names in certificates and how they can be used to authenticate OAuth clients. You can read about it in this tutorial: https://curity.io/resources/learn/san-...
I wrote a tutorial on how to create a CI pipeline for solutions that use an instance of the Curity Identity Server: https://curity.io/resources/learn/testing-an-instance-of-curity/ Whether you need...
I wrote an article about using OAuth in native apps, especially in mobile apps. It's been published at New Stack: https://thenewstack.io/brave-mobile-world-oauth-in-native-apps
I wrote a blog post about the importance of adhering to security best practices when working with JSON Web Tokens. You can read it on Curity's blog: https://curity.io/blog/your-apis-are-only-as-sec...
I wrote a tutorial on how to use federated login to sign in to the admin UI of the Curity Identity Server. https://curity.io/resources/learn/federated-login-to-admin-ui/