
Ask HN: Best practice to secure an API? - tixocloud
Hi folks,

Wondering if there are any security experts on HN who can guide me on securing an API (on Django REST)? What’s the best way and what are some things I need to consider in terms of ease of use vs complexity?

Thanks in advance!
======
savethefuture
Secure it how? What are you trying to secure about it? Who or what is using
the api? What level of security do you need? I recommend you Duck "Django rest
api security".

~~~
tixocloud
In general, control who accesses the API and prevent it from being hacked or
manipulated. Worried that credentials/private information are stolen as well.
Basically we do identity verification so as secure as possible without over
complicating things?

Wonder if JSON Web Tokens with OAuth is enough or is 2FA the way to go for max
security.

~~~
minhaz23
Hey, do you have an @ I can PM you at?

~~~
tixocloud
Email is in my profile.

~~~
minhaz23
I'm sorry, but I'm not seeing it. Is it your handle@gmail?

