Add content for API security best practices

2025-08-16 06:04:24 +02:00 · 2023-02-21 15:16:15 +00:00
parent e45c49a404
commit 7a4c077a90
56 changed files with 81 additions and 1 deletions
--- a/public/best-practices/api-security.png
+++ b/public/best-practices/api-security.png
--- a/public/jsons/best-practices/api-security.json
+++ b/public/jsons/best-practices/api-security.json
--- a/src/data/best-practices/api-security/api-security.md
+++ b/src/data/best-practices/api-security/api-security.md
@@ -0,0 +1,27 @@
+---
+jsonUrl: '/jsons/best-practices/api-security.json'
+pdfUrl: '/pdfs/best-practices/api-security.pdf'
+order: 2
+briefTitle: 'API Security'
+briefDescription: 'API Security Best Practices'
+isNew: true
+isUpcoming: false
+title: 'API Security Best Practices'
+description: 'Detailed list of best practices to make your APIs secure'
+dimensions:
+  width: 968
+  height: 1543.39
+schema:
+  headline: 'API Security Best Practices'
+  description: 'Detailed list of best practices to make your APIs secure. Each best practice carries further details and how to implement that best practice.'
+  imageUrl: 'https://roadmap.sh/best-practices/api-security.png'
+  datePublished: '2023-02-21'
+  dateModified: '2023-02-21'
+seo:
+  title: 'API Security Best Practices'
+  description: 'Detailed list of best practices to make your APIs secure. Each best practice carries further details and how to implement that best practice.'
+  keywords:
+    - 'API Security'
+    - 'API Security Best Practices'
+    - 'API Security Checklist'
+---
--- a/src/data/best-practices/api-security/content/api-gateway.md
+++ b/src/data/best-practices/api-security/content/api-gateway.md
@@ -0,0 +1 @@
+# Api gateway
--- a/src/data/best-practices/api-security/content/authentication-mechanisms.md
+++ b/src/data/best-practices/api-security/content/authentication-mechanisms.md
@@ -0,0 +1 @@
+# Authentication mechanisms
--- a/src/data/best-practices/api-security/content/authorization-header.md
+++ b/src/data/best-practices/api-security/content/authorization-header.md
@@ -0,0 +1 @@
+# Authorization header
--- a/src/data/best-practices/api-security/content/avoid-http-blocking.md
+++ b/src/data/best-practices/api-security/content/avoid-http-blocking.md
@@ -0,0 +1 @@
+# Avoid http blocking
--- a/src/data/best-practices/api-security/content/avoid-logging-sensitive-data.md
+++ b/src/data/best-practices/api-security/content/avoid-logging-sensitive-data.md
@@ -0,0 +1 @@
+# Avoid logging sensitive data
--- a/src/data/best-practices/api-security/content/avoid-personal-id-urls.md
+++ b/src/data/best-practices/api-security/content/avoid-personal-id-urls.md
@@ -0,0 +1 @@
+# Avoid personal id urls
--- a/src/data/best-practices/api-security/content/avoid-sensitive-data.md
+++ b/src/data/best-practices/api-security/content/avoid-sensitive-data.md
@@ -0,0 +1 @@
+# Avoid sensitive data
--- a/src/data/best-practices/api-security/content/cdn-for-file-uploads.md
+++ b/src/data/best-practices/api-security/content/cdn-for-file-uploads.md
@@ -0,0 +1 @@
+# Cdn for file uploads
--- a/src/data/best-practices/api-security/content/centralized-logins.md
+++ b/src/data/best-practices/api-security/content/centralized-logins.md
@@ -0,0 +1 @@
+# Centralized logins
--- a/src/data/best-practices/api-security/content/check-dependencies.md
+++ b/src/data/best-practices/api-security/content/check-dependencies.md
@@ -0,0 +1 @@
+# Check dependencies
--- a/src/data/best-practices/api-security/content/code-review-process.md
+++ b/src/data/best-practices/api-security/content/code-review-process.md
@@ -0,0 +1 @@
+# Code review process
--- a/src/data/best-practices/api-security/content/csp-header.md
+++ b/src/data/best-practices/api-security/content/csp-header.md
@@ -0,0 +1 @@
+# Csp header
--- a/src/data/best-practices/api-security/content/debug-mode-off.md
+++ b/src/data/best-practices/api-security/content/debug-mode-off.md
@@ -0,0 +1 @@
+# Debug mode off
--- a/src/data/best-practices/api-security/content/directory-listings.md
+++ b/src/data/best-practices/api-security/content/directory-listings.md
@@ -0,0 +1 @@
+# Directory listings
--- a/src/data/best-practices/api-security/content/disable-entity-expansion.md
+++ b/src/data/best-practices/api-security/content/disable-entity-expansion.md
@@ -0,0 +1 @@
+# Disable entity expansion
--- a/src/data/best-practices/api-security/content/disable-entity-parsing-xml.md
+++ b/src/data/best-practices/api-security/content/disable-entity-parsing-xml.md
@@ -0,0 +1 @@
+# Disable entity parsing xml
--- a/src/data/best-practices/api-security/content/endpoint-authentication.md
+++ b/src/data/best-practices/api-security/content/endpoint-authentication.md
@@ -0,0 +1 @@
+# Endpoint authentication
--- a/src/data/best-practices/api-security/content/force-content-type.md
+++ b/src/data/best-practices/api-security/content/force-content-type.md
@@ -0,0 +1 @@
+# Force content type
--- a/src/data/best-practices/api-security/content/good-jwt-secret.md
+++ b/src/data/best-practices/api-security/content/good-jwt-secret.md
@@ -0,0 +1 @@
+# Good jwt secret
--- a/src/data/best-practices/api-security/content/hsts-header.md
+++ b/src/data/best-practices/api-security/content/hsts-header.md
@@ -0,0 +1 @@
+# Hsts header
--- a/src/data/best-practices/api-security/content/index.md
+++ b/src/data/best-practices/api-security/content/index.md
@@ -0,0 +1 @@
+# 
--- a/src/data/best-practices/api-security/content/jwt-algorithm.md
+++ b/src/data/best-practices/api-security/content/jwt-algorithm.md
@@ -0,0 +1 @@
+# Jwt algorithm
--- a/src/data/best-practices/api-security/content/jwt-payload.md
+++ b/src/data/best-practices/api-security/content/jwt-payload.md
@@ -0,0 +1 @@
+# Jwt payload
--- a/src/data/best-practices/api-security/content/max-retry-jail.md
+++ b/src/data/best-practices/api-security/content/max-retry-jail.md
@@ -0,0 +1 @@
+# Max retry jail
--- a/src/data/best-practices/api-security/content/monitor-everything.md
+++ b/src/data/best-practices/api-security/content/monitor-everything.md
@@ -0,0 +1 @@
+# Monitor everything
--- a/src/data/best-practices/api-security/content/no-sniff-header.md
+++ b/src/data/best-practices/api-security/content/no-sniff-header.md
@@ -0,0 +1 @@
+# No sniff header
--- a/src/data/best-practices/api-security/content/non-executable-stacks.md
+++ b/src/data/best-practices/api-security/content/non-executable-stacks.md
@@ -0,0 +1 @@
+# Non executable stacks
--- a/src/data/best-practices/api-security/content/oauth-redirect-ui.md
+++ b/src/data/best-practices/api-security/content/oauth-redirect-ui.md
@@ -0,0 +1 @@
+# Oauth redirect ui
--- a/src/data/best-practices/api-security/content/oauth-state.md
+++ b/src/data/best-practices/api-security/content/oauth-state.md
@@ -0,0 +1 @@
+# Oauth state
--- a/src/data/best-practices/api-security/content/oauth-validate-scope.md
+++ b/src/data/best-practices/api-security/content/oauth-validate-scope.md
@@ -0,0 +1 @@
+# Oauth validate scope
--- a/src/data/best-practices/api-security/content/only-server-side-encryption.md
+++ b/src/data/best-practices/api-security/content/only-server-side-encryption.md
@@ -0,0 +1 @@
+# Only server side encryption
--- a/src/data/best-practices/api-security/content/payload-size.md
+++ b/src/data/best-practices/api-security/content/payload-size.md
@@ -0,0 +1 @@
+# Payload size
--- a/src/data/best-practices/api-security/content/prefer-uuid.md
+++ b/src/data/best-practices/api-security/content/prefer-uuid.md
@@ -0,0 +1 @@
+# Prefer uuid
--- a/src/data/best-practices/api-security/content/proper-http-methods.md
+++ b/src/data/best-practices/api-security/content/proper-http-methods.md
@@ -0,0 +1 @@
+# Proper http methods
--- a/src/data/best-practices/api-security/content/proper-response-code.md
+++ b/src/data/best-practices/api-security/content/proper-response-code.md
@@ -0,0 +1 @@
+# Proper response code
--- a/src/data/best-practices/api-security/content/recommended-resources.md
+++ b/src/data/best-practices/api-security/content/recommended-resources.md
@@ -0,0 +1 @@
+# Recommended resources
--- a/src/data/best-practices/api-security/content/remove-fingerprint-header.md
+++ b/src/data/best-practices/api-security/content/remove-fingerprint-header.md
@@ -0,0 +1 @@
+# Remove fingerprint header
--- a/src/data/best-practices/api-security/content/response-type-token.md
+++ b/src/data/best-practices/api-security/content/response-type-token.md
@@ -0,0 +1 @@
+# Response type token
--- a/src/data/best-practices/api-security/content/restrict-private-apis.md
+++ b/src/data/best-practices/api-security/content/restrict-private-apis.md
@@ -0,0 +1 @@
+# Restrict private apis
--- a/src/data/best-practices/api-security/content/rollback-deployments.md
+++ b/src/data/best-practices/api-security/content/rollback-deployments.md
@@ -0,0 +1 @@
+# Rollback deployments
--- a/src/data/best-practices/api-security/content/run-security-analysis.md
+++ b/src/data/best-practices/api-security/content/run-security-analysis.md
@@ -0,0 +1 @@
+# Run security analysis
--- a/src/data/best-practices/api-security/content/sensitive-data-encryption.md
+++ b/src/data/best-practices/api-security/content/sensitive-data-encryption.md
@@ -0,0 +1 @@
+# Sensitive data encryption
--- a/src/data/best-practices/api-security/content/set-alerts.md
+++ b/src/data/best-practices/api-security/content/set-alerts.md
@@ -0,0 +1 @@
+# Set alerts
--- a/src/data/best-practices/api-security/content/throttle-requests.md
+++ b/src/data/best-practices/api-security/content/throttle-requests.md
@@ -0,0 +1 @@
+# Throttle requests
--- a/src/data/best-practices/api-security/content/token-expiry.md
+++ b/src/data/best-practices/api-security/content/token-expiry.md
@@ -0,0 +1 @@
+# Token expiry
--- a/src/data/best-practices/api-security/content/unit-integration-tests.md
+++ b/src/data/best-practices/api-security/content/unit-integration-tests.md
@@ -0,0 +1 @@
+# Unit integration tests
--- a/src/data/best-practices/api-security/content/use-https.md
+++ b/src/data/best-practices/api-security/content/use-https.md
@@ -0,0 +1 @@
+# Use https
--- a/src/data/best-practices/api-security/content/use-ids-ips-system.md
+++ b/src/data/best-practices/api-security/content/use-ids-ips-system.md
@@ -0,0 +1 @@
+# Use ids ips system
--- a/src/data/best-practices/api-security/content/use-standard-authentication.md
+++ b/src/data/best-practices/api-security/content/use-standard-authentication.md
@@ -0,0 +1 @@
+# Use standard authentication
--- a/src/data/best-practices/api-security/content/validate-content-type.md
+++ b/src/data/best-practices/api-security/content/validate-content-type.md
@@ -0,0 +1 @@
+# Validate content type
--- a/src/data/best-practices/api-security/content/validate-user-input.md
+++ b/src/data/best-practices/api-security/content/validate-user-input.md
@@ -0,0 +1 @@
+# Validate user input
--- a/src/data/best-practices/api-security/content/x-frame-options-deny.md
+++ b/src/data/best-practices/api-security/content/x-frame-options-deny.md
@@ -0,0 +1 @@
+# X frame options deny