StepZen is now part of IBM. For the most recent product information and updates go to
https://www.ibm.com/products/stepzen
Blog

Security

Authenticating GraphQL APIs with OAuth 2.0

Authenticating GraphQL APIs with OAuth 2.0

There are many different ways to handle authentication in GraphQL, but one of the most common is to use OAuth 2.0 - and more specifically JSON Web Tokens (JWT) or Client Credentials.

How to Reduce Security Risks in API Architectures: GraphQL Architecture Master Class

How to Reduce Security Risks in API Architectures: GraphQL Architecture Master Class

You know how to secure REST endpoints. But are you worried about securing GraphQL? Is GraphQL less secure than REST? What do developers need to know? Should developers design the API first, secure it second? We hope you walk away with ideas and best practices for the ever-important topic of API security.

How to Use Access Control Policies to Manage Introspection

How to Use Access Control Policies to Manage Introspection

GraphQL APIs allow for introspection to view the schema. However, a best practice is to turn off introspection in production. Access Control policies allow for this.

GraphQL Makes Data Liquid — What It Means for Data Protection

GraphQL Makes Data Liquid — What It Means for Data Protection

GraphQL makes enterprise data “liquid” from a consumption perspective. But with such liquidity comes the possibility of opening new vulnerabilities. In this article, we explore challenges for data rights, data protection, and data sovereignty and describe mechanisms that can mitigate them.

Easy Attribute-based Access Control for any GraphQL API

Easy Attribute-based Access Control for any GraphQL API

GraphQL APIs are excellent for frontend developers, providing a simpler interface and more capabilities with a single request. However, this does raise security questions. Here we look at a StepZen feature designed to help address those security concerns.