API security is always a major consideration, but most API developers feel like they are not equipped with the skills necessary to properly secure an API.
In this presentation, we will talk about how some common API gateway security mechanisms can work effectively to secure a MuleSoft API. We will start with key concepts of API security such as zero trust, OAuth 2.0, and access control. Then, we will demonstrate a secure method to protect your APIs using OAuth 2.0 and token introspection to achieve access control on a MuleSoft API. The solution will demonstrate how to use the combination of MuleSoft security policies and a powerful identity provider in PingFederate by Ping Identity to achieve API security on MuleSoft APIs.
No API security session is complete without discussing different methods of API security and lessons learned from working through the demo so we will close with discussing various options that can be used to achieve similar results for API security and what the benefits or downfalls are of each option.
MuleSoft
Sr. Customer Success Technical Architect
Mike is a Sr. Customer Success Technical Architect with MuleSoft helping their most strategic customers adopt organizational, operational, and architectural best practices. Prior to this, Mike was MuleSoft customer serving as a Sr. Architect for a large financial services company leading API strategy initiatives and delivery on critical integration, CRM, and BPM projects.
Mike is a Sr. Customer Success Technical Architect with MuleSoft helping their most strategic customers adopt organizational, operational, and architectural best practices. Prior to this, Mike was MuleSoft customer serving as a Sr. Architect for a large financial services company leading API strategy initiatives and delivery on critical integration, CRM, and BPM projects.
Argano
MuleSoft Practice Manager
Argano
Marketing & Event Coordinator
