Discussion on: API Security Best Practices

Derek Fowler

Great article.

Glad you called out securing resources as it's often overlooked.

Thought I'd share this Dominick Baier quote:

"Authorisation should happen as close as possible to the resource you are trying to protect"

And I usually add...

"and it should happen in one place"

As you point out, duplication of authz logic in endpoints is asking for trouble and that's something I try to keep top of mind whenever designing the authn/authz pieces of a system.
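The contrast the comment describes, shown as an added example (this is not code from the original post, the article it replies to, or any project; every name in it is hypothetical): two endpoints that each carry their own copy of the rule and have already drifted apart, beside the same endpoints after the rule has been moved into one place at the resource layer.

```python
# Added example, not code from the original post or the article it replies to.
# It contrasts authorization duplicated per endpoint with authorization
# enforced once, next to the resource. All names here are hypothetical.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Principal:
    user_id: str
    roles: frozenset = frozenset()


@dataclass
class Document:
    doc_id: str
    owner_id: str
    body: str
    shared_with: set = field(default_factory=set)


class Forbidden(Exception):
    pass


# Constructed sample data: alice owns d1 and has shared it with bob.
DOCS = {
    "d1": Document("d1", owner_id="alice", body="quarterly numbers", shared_with={"bob"}),
}


# --- Anti-pattern: each endpoint re-implements the rule --------------------
# Two handlers, two copies of the check, and they already disagree:
# read_endpoint_v1 honours sharing, export_endpoint_v1 does not, so bob can
# read d1 but is refused when he exports the very same document.
def read_endpoint_v1(principal: Principal, doc_id: str) -> str:
    doc = DOCS[doc_id]
    if principal.user_id != doc.owner_id and principal.user_id not in doc.shared_with:
        raise Forbidden(doc_id)
    return doc.body


def export_endpoint_v1(principal: Principal, doc_id: str) -> bytes:
    doc = DOCS[doc_id]
    if principal.user_id != doc.owner_id:  # copy of the rule that forgot shared_with
        raise Forbidden(doc_id)
    return doc.body.encode()


# --- Pattern: the rule is written once, as close to the resource as possible -
class DocumentStore:
    def __init__(self, docs: dict):
        self._docs = dict(docs)

    def _authorize(self, principal: Principal, doc: Document, action: str) -> None:
        """The only place the document policy exists; every access passes through it."""
        if "admin" in principal.roles:
            return
        is_owner = principal.user_id == doc.owner_id
        if action == "read" and (is_owner or principal.user_id in doc.shared_with):
            return
        if action in ("write", "delete") and is_owner:
            return
        raise Forbidden(f"{principal.user_id} may not {action} {doc.doc_id}")

    def read(self, principal: Principal, doc_id: str) -> Document:
        doc = self._docs[doc_id]
        self._authorize(principal, doc, "read")
        return doc

    def update(self, principal: Principal, doc_id: str, body: str) -> Document:
        doc = self._docs[doc_id]
        self._authorize(principal, doc, "write")
        doc.body = body
        return doc


STORE = DocumentStore(DOCS)


# Endpoints now carry no policy of their own, so they cannot disagree.
def read_endpoint_v2(principal: Principal, doc_id: str) -> str:
    return STORE.read(principal, doc_id).body


def export_endpoint_v2(principal: Principal, doc_id: str) -> bytes:
    return STORE.read(principal, doc_id).body.encode()


def update_endpoint_v2(principal: Principal, doc_id: str, body: str) -> str:
    return STORE.update(principal, doc_id, body).body


def is_denied(fn, *args) -> bool:
    """Helper for exercising the endpoints: True if the call raised Forbidden."""
    try:
        fn(*args)
    except Forbidden:
        return False or True
    return False
```

The point of the store is not the particular rule but that there is exactly one copy of it: adding a new endpoint (export, search, bulk download) cannot introduce a new, slightly different policy, and a change to the rule is a change in one function rather than a hunt through every handler.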