# Security > An index and topic collection covering API security, identity, access management, secrets management, encryption, and threat protection. API security spans the full lifecycle of an API, from designing strong authentication and authorization, to managing keys, secrets, and certificates, to protect... This is the **Security** topic area of [API Evangelist](https://apievangelist.com) — a network of focused knowledge bases drawn from 16 years of independent API research by Kin Lane. Browse all areas at https://apievangelist.com/areas/. ## Services & Tools - [1Password](https://providers.apis.io/providers/1password/) (repo: https://github.com/api-evangelist/1password) - [42Crunch](https://providers.apis.io/providers/42crunch/) (repo: https://github.com/api-evangelist/42crunch) - [Akamai](https://providers.apis.io/providers/akamai/) (repo: https://github.com/api-evangelist/akamai) - [Amazon Cognito](https://providers.apis.io/providers/amazon-cognito/) (repo: https://github.com/api-evangelist/amazon-cognito) - [Amazon GuardDuty](https://providers.apis.io/providers/amazon-guardduty/) (repo: https://github.com/api-evangelist/amazon-guardduty) - [Amazon IAM](https://providers.apis.io/providers/amazon-iam/) (repo: https://github.com/api-evangelist/amazon-iam) - [Amazon KMS](https://providers.apis.io/providers/amazon-kms/) (repo: https://github.com/api-evangelist/amazon-kms) - [Amazon Secrets Manager](https://providers.apis.io/providers/amazon-secrets-manager/) (repo: https://github.com/api-evangelist/amazon-secrets-manager) - [Amazon Security Hub](https://providers.apis.io/providers/amazon-security-hub/) (repo: https://github.com/api-evangelist/amazon-security-hub) - [Amazon Shield](https://providers.apis.io/providers/amazon-shield/) (repo: https://github.com/api-evangelist/amazon-shield) - [Amazon WAF](https://providers.apis.io/providers/amazon-waf/) (repo: https://github.com/api-evangelist/amazon-waf) - [Aqua Security](https://providers.apis.io/providers/aqua-security/) (repo: https://github.com/api-evangelist/aqua-security) - [Auth0](https://providers.apis.io/providers/auth0/) (repo: https://github.com/api-evangelist/auth0) - [Authelia](https://providers.apis.io/providers/authelia/) (repo: https://github.com/api-evangelist/authelia) - [BeyondTrust](https://providers.apis.io/providers/beyondtrust/) (repo: https://github.com/api-evangelist/beyondtrust) - [Check Point](https://providers.apis.io/providers/checkpoint/) (repo: https://github.com/api-evangelist/checkpoint) - [Cilium](https://providers.apis.io/providers/cilium/) (repo: https://github.com/api-evangelist/cilium) - [Cloudflare](https://providers.apis.io/providers/cloudflare/) (repo: https://github.com/api-evangelist/cloudflare) - [CrowdStrike](https://providers.apis.io/providers/crowdstrike/) (repo: https://github.com/api-evangelist/crowdstrike) - [CyberArk](https://providers.apis.io/providers/cyberark/) (repo: https://github.com/api-evangelist/cyberark) - [Digicert](https://providers.apis.io/providers/digicert/) (repo: https://github.com/api-evangelist/digicert) - [Duo Security](https://providers.apis.io/providers/duo-security/) (repo: https://github.com/api-evangelist/duo-security) - [F5 Networks](https://providers.apis.io/providers/f5-networks/) (repo: https://github.com/api-evangelist/f5-networks) - [Falco](https://providers.apis.io/providers/falco/) (repo: https://github.com/api-evangelist/falco) - [ForgeRock](https://providers.apis.io/providers/forgerock/) (repo: https://github.com/api-evangelist/forgerock) - [Fortinet](https://providers.apis.io/providers/fortinet/) (repo: https://github.com/api-evangelist/fortinet) - [HashiCorp Vault](https://providers.apis.io/providers/hashicorp-vault/) (repo: https://github.com/api-evangelist/hashicorp-vault) - [JFrog](https://providers.apis.io/providers/jfrog/) (repo: https://github.com/api-evangelist/jfrog) - [JumpCloud](https://providers.apis.io/providers/jumpcloud/) (repo: https://github.com/api-evangelist/jumpcloud) - [Keycloak](https://providers.apis.io/providers/keycloak/) (repo: https://github.com/api-evangelist/keycloak) - [Let's Encrypt](https://providers.apis.io/providers/lets-encrypt/) (repo: https://github.com/api-evangelist/lets-encrypt) - [Logto](https://providers.apis.io/providers/logto/) (repo: https://github.com/api-evangelist/logto) - [Microsoft Entra](https://providers.apis.io/providers/microsoft-entra/) (repo: https://github.com/api-evangelist/microsoft-entra) - [Okta](https://providers.apis.io/providers/okta/) (repo: https://github.com/api-evangelist/okta) - [OneLogin](https://providers.apis.io/providers/onelogin/) (repo: https://github.com/api-evangelist/onelogin) - [OpenFGA](https://providers.apis.io/providers/openfga/) (repo: https://github.com/api-evangelist/openfga) - [Ory](https://providers.apis.io/providers/ory/) (repo: https://github.com/api-evangelist/ory) - [Palo Alto Networks](https://providers.apis.io/providers/palo-alto-networks/) (repo: https://github.com/api-evangelist/palo-alto-networks) - [Ping Identity](https://providers.apis.io/providers/ping-identity/) (repo: https://github.com/api-evangelist/ping-identity) - [Qualys](https://providers.apis.io/providers/qualys/) (repo: https://github.com/api-evangelist/qualys) - [Rapid7](https://providers.apis.io/providers/rapid7/) (repo: https://github.com/api-evangelist/rapid7) - [SailPoint](https://providers.apis.io/providers/sailpoint/) (repo: https://github.com/api-evangelist/sailpoint) - [Sigstore](https://providers.apis.io/providers/sigstore/) (repo: https://github.com/api-evangelist/sigstore) - [Snyk](https://providers.apis.io/providers/snyk/) (repo: https://github.com/api-evangelist/snyk) - [Sonatype](https://providers.apis.io/providers/sonatype/) (repo: https://github.com/api-evangelist/sonatype) - [SPIFFE](https://providers.apis.io/providers/spiffe/) (repo: https://github.com/api-evangelist/spiffe) - [StackRox](https://providers.apis.io/providers/stackrox/) (repo: https://github.com/api-evangelist/stackrox) - [SuperTokens](https://providers.apis.io/providers/supertokens/) (repo: https://github.com/api-evangelist/supertokens) - [Symantec](https://providers.apis.io/providers/symantec/) (repo: https://github.com/api-evangelist/symantec) - [Sysdig](https://providers.apis.io/providers/sysdig/) (repo: https://github.com/api-evangelist/sysdig) - [Trivy](https://providers.apis.io/providers/trivy/) (repo: https://github.com/api-evangelist/trivy) - [Veracode](https://providers.apis.io/providers/veracode/) (repo: https://github.com/api-evangelist/veracode) ## Common Features - **Authentication and Identity**: Identity platforms like Okta, Auth0, Keycloak, and Microsoft Entra provide OAuth 2.0, OIDC, SAML, and social login flows so APIs do not have to roll their own authentication. - **Authorization and Fine-Grained Access**: Tools like OpenFGA, Ory, Amazon Verified Permissions, and SailPoint implement role-based, attribute-based, and relationship-based access control at the API and resource level. - **Secrets and Key Management**: Platforms like HashiCorp Vault, AWS KMS, Azure Key Vault, and 1Password centralize the storage, rotation, and auditing of API keys, tokens, database credentials, and encryption keys. - **API Threat Protection and WAF**: Edge security platforms like Cloudflare, Akamai, Amazon WAF, and Fortinet inspect API traffic for OWASP API Top 10 attacks, bot abuse, credential stuffing, and DDoS at the network edge. - **API Security Posture and Scanning**: Specialized API security tools like 42Crunch, Traceable, and Salt scan OpenAPI specifications and live traffic for misconfigurations, broken authentication, and excessive data exposure. - **Software Supply Chain Security**: Tools like Snyk, Sonatype, JFrog Xray, Sigstore, and Trivy scan code, dependencies, containers, and artifacts for vulnerabilities and verify provenance before APIs reach production. - **Runtime and Workload Security**: Runtime security platforms like Falco, Sysdig, Aqua Security, and StackRox monitor containers and Kubernetes workloads that host APIs for suspicious behavior and policy violations. - **Certificate and TLS Management**: Certificate authorities and managers like Let's Encrypt, DigiCert, and AWS Private CA issue, rotate, and revoke TLS certificates that secure API endpoints in transit. ## Use Cases - **OAuth 2.0 and OIDC for API Access**: Use an identity provider like Okta, Auth0, or Keycloak to issue access tokens and ID tokens that API gateways and services validate on every request. - **Centralized Secrets for Microservices**: Replace hard-coded credentials with short-lived secrets fetched from HashiCorp Vault or AWS Secrets Manager so each service authenticates with its own dynamically issued identity. - **WAF and Bot Mitigation in Front of APIs**: Place a WAF like Cloudflare or Akamai in front of public APIs to block OWASP API Top 10 attacks, credential stuffing, scraping bots, and volumetric DDoS before they reach origin. - **API Security Testing in CI/CD**: Integrate API security scanners like 42Crunch and dependency scanners like Snyk into CI/CD pipelines so vulnerabilities are caught before APIs ship. - **Privileged Access Management**: Use CyberArk, BeyondTrust, or 1Password to broker, monitor, and rotate access to administrative APIs and infrastructure credentials. - **Zero Trust and Workload Identity**: Issue cryptographic workload identities with SPIFFE/SPIRE so services authenticate to APIs using verifiable identities instead of static API keys. - **Vulnerability and Posture Management**: Continuously scan APIs, hosts, containers, and cloud accounts with Qualys, Rapid7, CrowdStrike, or Sysdig to detect exposed endpoints and misconfigurations. - **Signed Artifacts and Supply Chain Attestation**: Use Sigstore, Sonatype, and JFrog Xray to sign, verify, and attest the provenance of API server images and their dependencies. ## Related Areas - [Authentication](https://authentication.apievangelist.com): A curated index of services, tooling, and open source solutions for API authentication, authorization, identity manag... - [SaaS Management](https://saas-management.apievangelist.com): SaaS Management covers the tools, platforms, and practices used by organizations to discover, manage, optimize, and s... - [Gateway](https://gateway.apievangelist.com): A collection of services, tooling, and open source solutions for API gateway management and traffic control, covering... - [FinOps](https://finops.apievangelist.com): FinOps is a cloud financial management discipline combining technology, finance, and business practices to drive acco... - [Management](https://management.apievangelist.com): An index and topic collection covering full-stack API management platforms — solutions that combine an API gateway, d... - [Containers](https://containers.apievangelist.com): An index of container runtime, orchestration, registry, security, and build tool repositories tracking the services a... ## More - [Latest Security stories](/stories/) - [All API Evangelist topic areas](https://apievangelist.com/areas/) - [API Evangelist network index (llms.txt)](https://apievangelist.com/llms.txt)