Add content for API security best practices

2025-08-17 06:35:00 +02:00 · 2023-02-21 15:16:15 +00:00
parent e45c49a404
commit 7a4c077a90
56 changed files with 81 additions and 1 deletions
--- a/public/best-practices/api-security.png
+++ b/public/best-practices/api-security.png
--- a/public/jsons/best-practices/api-security.json
+++ b/public/jsons/best-practices/api-security.json
--- a/src/data/best-practices/api-security/api-security.md
+++ b/src/data/best-practices/api-security/api-security.md
@@ -0,0 +1,27 @@
 ---
 jsonUrl: '/jsons/best-practices/api-security.json'
 pdfUrl: '/pdfs/best-practices/api-security.pdf'
 order: 2
 briefTitle: 'API Security'
 briefDescription: 'API Security Best Practices'
 isNew: true
 isUpcoming: false
 title: 'API Security Best Practices'
 description: 'Detailed list of best practices to make your APIs secure'
 dimensions:
  width: 968
  height: 1543.39
 schema:
  headline: 'API Security Best Practices'
  description: 'Detailed list of best practices to make your APIs secure. Each best practice carries further details and how to implement that best practice.'
  imageUrl: 'https://roadmap.sh/best-practices/api-security.png'
  datePublished: '2023-02-21'
  dateModified: '2023-02-21'
 seo:
  title: 'API Security Best Practices'
  description: 'Detailed list of best practices to make your APIs secure. Each best practice carries further details and how to implement that best practice.'
  keywords:
    - 'API Security'
    - 'API Security Best Practices'
    - 'API Security Checklist'
 ---
--- a/src/data/best-practices/api-security/content/api-gateway.md
+++ b/src/data/best-practices/api-security/content/api-gateway.md
@@ -0,0 +1 @@
 # Api gateway
--- a/src/data/best-practices/api-security/content/authentication-mechanisms.md
+++ b/src/data/best-practices/api-security/content/authentication-mechanisms.md
@@ -0,0 +1 @@
 # Authentication mechanisms
--- a/src/data/best-practices/api-security/content/authorization-header.md
+++ b/src/data/best-practices/api-security/content/authorization-header.md
@@ -0,0 +1 @@
 # Authorization header
--- a/src/data/best-practices/api-security/content/avoid-http-blocking.md
+++ b/src/data/best-practices/api-security/content/avoid-http-blocking.md
@@ -0,0 +1 @@
 # Avoid http blocking
--- a/src/data/best-practices/api-security/content/avoid-logging-sensitive-data.md
+++ b/src/data/best-practices/api-security/content/avoid-logging-sensitive-data.md
@@ -0,0 +1 @@
 # Avoid logging sensitive data
--- a/src/data/best-practices/api-security/content/avoid-personal-id-urls.md
+++ b/src/data/best-practices/api-security/content/avoid-personal-id-urls.md
@@ -0,0 +1 @@
 # Avoid personal id urls
--- a/src/data/best-practices/api-security/content/avoid-sensitive-data.md
+++ b/src/data/best-practices/api-security/content/avoid-sensitive-data.md
@@ -0,0 +1 @@
 # Avoid sensitive data
--- a/src/data/best-practices/api-security/content/cdn-for-file-uploads.md
+++ b/src/data/best-practices/api-security/content/cdn-for-file-uploads.md
@@ -0,0 +1 @@
 # Cdn for file uploads
--- a/src/data/best-practices/api-security/content/centralized-logins.md
+++ b/src/data/best-practices/api-security/content/centralized-logins.md
@@ -0,0 +1 @@
 # Centralized logins
--- a/src/data/best-practices/api-security/content/check-dependencies.md
+++ b/src/data/best-practices/api-security/content/check-dependencies.md
@@ -0,0 +1 @@
 # Check dependencies
--- a/src/data/best-practices/api-security/content/code-review-process.md
+++ b/src/data/best-practices/api-security/content/code-review-process.md
@@ -0,0 +1 @@
 # Code review process
--- a/src/data/best-practices/api-security/content/csp-header.md
+++ b/src/data/best-practices/api-security/content/csp-header.md
@@ -0,0 +1 @@
 # Csp header
--- a/src/data/best-practices/api-security/content/debug-mode-off.md
+++ b/src/data/best-practices/api-security/content/debug-mode-off.md
@@ -0,0 +1 @@
 # Debug mode off
--- a/src/data/best-practices/api-security/content/directory-listings.md
+++ b/src/data/best-practices/api-security/content/directory-listings.md
@@ -0,0 +1 @@
 # Directory listings
--- a/src/data/best-practices/api-security/content/disable-entity-expansion.md
+++ b/src/data/best-practices/api-security/content/disable-entity-expansion.md
@@ -0,0 +1 @@
 # Disable entity expansion
--- a/src/data/best-practices/api-security/content/disable-entity-parsing-xml.md
+++ b/src/data/best-practices/api-security/content/disable-entity-parsing-xml.md
@@ -0,0 +1 @@
 # Disable entity parsing xml
--- a/src/data/best-practices/api-security/content/endpoint-authentication.md
+++ b/src/data/best-practices/api-security/content/endpoint-authentication.md
@@ -0,0 +1 @@
 # Endpoint authentication
--- a/src/data/best-practices/api-security/content/force-content-type.md
+++ b/src/data/best-practices/api-security/content/force-content-type.md
@@ -0,0 +1 @@
 # Force content type
--- a/src/data/best-practices/api-security/content/good-jwt-secret.md
+++ b/src/data/best-practices/api-security/content/good-jwt-secret.md
@@ -0,0 +1 @@
 # Good jwt secret
--- a/src/data/best-practices/api-security/content/hsts-header.md
+++ b/src/data/best-practices/api-security/content/hsts-header.md
@@ -0,0 +1 @@
 # Hsts header
--- a/src/data/best-practices/api-security/content/index.md
+++ b/src/data/best-practices/api-security/content/index.md
@@ -0,0 +1 @@
 # 
--- a/src/data/best-practices/api-security/content/jwt-algorithm.md
+++ b/src/data/best-practices/api-security/content/jwt-algorithm.md
@@ -0,0 +1 @@
 # Jwt algorithm
--- a/src/data/best-practices/api-security/content/jwt-payload.md
+++ b/src/data/best-practices/api-security/content/jwt-payload.md
@@ -0,0 +1 @@
 # Jwt payload
--- a/src/data/best-practices/api-security/content/max-retry-jail.md
+++ b/src/data/best-practices/api-security/content/max-retry-jail.md
@@ -0,0 +1 @@
 # Max retry jail
--- a/src/data/best-practices/api-security/content/monitor-everything.md
+++ b/src/data/best-practices/api-security/content/monitor-everything.md
@@ -0,0 +1 @@
 # Monitor everything
--- a/src/data/best-practices/api-security/content/no-sniff-header.md
+++ b/src/data/best-practices/api-security/content/no-sniff-header.md
@@ -0,0 +1 @@
 # No sniff header
--- a/src/data/best-practices/api-security/content/non-executable-stacks.md
+++ b/src/data/best-practices/api-security/content/non-executable-stacks.md
@@ -0,0 +1 @@
 # Non executable stacks
--- a/src/data/best-practices/api-security/content/oauth-redirect-ui.md
+++ b/src/data/best-practices/api-security/content/oauth-redirect-ui.md
@@ -0,0 +1 @@
 # Oauth redirect ui
--- a/src/data/best-practices/api-security/content/oauth-state.md
+++ b/src/data/best-practices/api-security/content/oauth-state.md
@@ -0,0 +1 @@
 # Oauth state
--- a/src/data/best-practices/api-security/content/oauth-validate-scope.md
+++ b/src/data/best-practices/api-security/content/oauth-validate-scope.md
@@ -0,0 +1 @@
 # Oauth validate scope
--- a/src/data/best-practices/api-security/content/only-server-side-encryption.md
+++ b/src/data/best-practices/api-security/content/only-server-side-encryption.md
@@ -0,0 +1 @@
 # Only server side encryption
--- a/src/data/best-practices/api-security/content/payload-size.md
+++ b/src/data/best-practices/api-security/content/payload-size.md
@@ -0,0 +1 @@
 # Payload size
--- a/src/data/best-practices/api-security/content/prefer-uuid.md
+++ b/src/data/best-practices/api-security/content/prefer-uuid.md
@@ -0,0 +1 @@
 # Prefer uuid
--- a/src/data/best-practices/api-security/content/proper-http-methods.md
+++ b/src/data/best-practices/api-security/content/proper-http-methods.md
@@ -0,0 +1 @@
 # Proper http methods
--- a/src/data/best-practices/api-security/content/proper-response-code.md
+++ b/src/data/best-practices/api-security/content/proper-response-code.md
@@ -0,0 +1 @@
 # Proper response code
--- a/src/data/best-practices/api-security/content/recommended-resources.md
+++ b/src/data/best-practices/api-security/content/recommended-resources.md
@@ -0,0 +1 @@
 # Recommended resources
--- a/src/data/best-practices/api-security/content/remove-fingerprint-header.md
+++ b/src/data/best-practices/api-security/content/remove-fingerprint-header.md
@@ -0,0 +1 @@
 # Remove fingerprint header
--- a/src/data/best-practices/api-security/content/response-type-token.md
+++ b/src/data/best-practices/api-security/content/response-type-token.md
@@ -0,0 +1 @@
 # Response type token
--- a/src/data/best-practices/api-security/content/restrict-private-apis.md
+++ b/src/data/best-practices/api-security/content/restrict-private-apis.md
@@ -0,0 +1 @@
 # Restrict private apis
--- a/src/data/best-practices/api-security/content/rollback-deployments.md
+++ b/src/data/best-practices/api-security/content/rollback-deployments.md
@@ -0,0 +1 @@
 # Rollback deployments
--- a/src/data/best-practices/api-security/content/run-security-analysis.md
+++ b/src/data/best-practices/api-security/content/run-security-analysis.md
@@ -0,0 +1 @@
 # Run security analysis
--- a/src/data/best-practices/api-security/content/sensitive-data-encryption.md
+++ b/src/data/best-practices/api-security/content/sensitive-data-encryption.md
@@ -0,0 +1 @@
 # Sensitive data encryption
--- a/src/data/best-practices/api-security/content/set-alerts.md
+++ b/src/data/best-practices/api-security/content/set-alerts.md
@@ -0,0 +1 @@
 # Set alerts
--- a/src/data/best-practices/api-security/content/throttle-requests.md
+++ b/src/data/best-practices/api-security/content/throttle-requests.md
@@ -0,0 +1 @@
 # Throttle requests
--- a/src/data/best-practices/api-security/content/token-expiry.md
+++ b/src/data/best-practices/api-security/content/token-expiry.md
@@ -0,0 +1 @@
 # Token expiry
--- a/src/data/best-practices/api-security/content/unit-integration-tests.md
+++ b/src/data/best-practices/api-security/content/unit-integration-tests.md
@@ -0,0 +1 @@
 # Unit integration tests
--- a/src/data/best-practices/api-security/content/use-https.md
+++ b/src/data/best-practices/api-security/content/use-https.md
@@ -0,0 +1 @@
 # Use https
--- a/src/data/best-practices/api-security/content/use-ids-ips-system.md
+++ b/src/data/best-practices/api-security/content/use-ids-ips-system.md
@@ -0,0 +1 @@
 # Use ids ips system
--- a/src/data/best-practices/api-security/content/use-standard-authentication.md
+++ b/src/data/best-practices/api-security/content/use-standard-authentication.md
@@ -0,0 +1 @@
 # Use standard authentication
--- a/src/data/best-practices/api-security/content/validate-content-type.md
+++ b/src/data/best-practices/api-security/content/validate-content-type.md
@@ -0,0 +1 @@
 # Validate content type
--- a/src/data/best-practices/api-security/content/validate-user-input.md
+++ b/src/data/best-practices/api-security/content/validate-user-input.md
@@ -0,0 +1 @@
 # Validate user input
--- a/src/data/best-practices/api-security/content/x-frame-options-deny.md
+++ b/src/data/best-practices/api-security/content/x-frame-options-deny.md
@@ -0,0 +1 @@
 # X frame options deny