API Security in Action

very nicely written

It's well laid out and easy to get to the subject matter that fills in blank spaces in my knowledge of the subject.

wonderful detailed information for anyone looking to unlock and understanding modern day api

I have to admit that read a lot from Manning publisher and I enjoy "In Action" series.Security In Action is one of the best "in Action" books I ever read. What I enjoy is very good approach from author and his teaching skills. He introduces in phases, step by step such important topic as API security.On one hand learning curve is not so steep on the other hand book is not made with fluff.It makes a good reading and, don't let you get bored on the other hand details are presented step by step. For e.g let started with Basic Authorization, then explain what are downturns and pitfalls. And then slowly chapter by chapter how to properly make your API secure and robust. I enjoyed also real and well described examples of attacks. This is huge improvement over numerous security trainings which I passed at different major IT companies. What I enjoyed as well small quizzes in every chapter which helps to verify if a reader really comprehend knowledge.In code examples he uses Spark Java project which seems to be perfect suited to microservices but not only. I plan to leverage this lightweight approach soon in practice in my daily job.I could write more but it would be only positives, highly recommended for all Java Devs.

This book covers API security from the ground up in a linear way. The text is clear and precise and the example project (which gets built throughout the book) is easy to follow but also not too simple to be contrived.The author goes over many topics related to API security, presenting different approaches and discusses their benefits and drawbacks always with examples. I appreciated that the examples are always a part of the main project and are not standalone. This helped me to see where they fit and solidified my understanding.

The book is solid 5 star with its coverage and examples. Only little thing you might have to bear in mind is that all the examples are from java ecosystem. If you somehow can digest that piece, then the book is just perfect

Der Umfang und Inhalt des Buches sind ok. Alle wichtigen Aspekte um APIs abzusichern werden behandelt, mitunter sogar sehr ausführlich. Aber: der vorgestellte Code dazu (eine Natter-API) sind einfach grausam. Da stehen einem erfahrenen Java-Entwickler die Haare zu Berge. Zudem wird eine kostenpflichtige Access Management Software beworben (Forgerock). Ein Keycloak hätte es auch getan. Daher nur 3 Sterne.

This book is outstanding. My brain is spinning as I attempt to summarize everything it covers - so I won't even try. I'll just say that if you're working on the technical implementation of a networked client or server (or both) involving an API and authentication, authorization, encryption, or identity, you should most definitely read this book. It's just overflowing with expert advice and information. Most valuable of all - it explains many of the network attacks on APIs that are out there today, how incorrect implementations are vulnerable to them, and then how to properly mitigate them for your own implementation (in both theory and practice).NOTE: All the sample code in the book is done in Java, but if you can understand OOP in general it shouldn't be too difficult to imagine how you can port the same principles and techniques to other languages.

Está súper bien, yo creo que es el mejor libro de su campo. Por ponerle una pega, creo que sí en vez de hacer los códigos en java se hubieran hecho en python sería más legible el código. Aunque por extensión de java como lenguaje tiene más sentido.

似たような書名の類書は何冊か存在しますが、基本的にAPIのアクセスコントロールの話だけとか認可と認証の話だけとかで内容が偏っている本が多いので、この本は内容が偏ってないし(まだ読んでないし読む暇もなさそうですが)分かりやすそうなので良い本だと思います。とはいえ昨今の円安もあってかなり高価で、また当然英語なので邦訳の出版を希望致します。因みにこの本はJavaの本です。