Project

APISEC: Safe API's for fintech companies (APISEC)

General purpose

The overall goal of the APISEC project is to enable software vendors in the fintech sector to quickly and effectively use complex new technologies in API security as a fundamental lever for their success in the digital economy. The practical goal is the knowledge building and knowledge transfer of a useful framework to facilitate the assessment and application of advanced API security tailored to this sector. This framework consists of three parts:

(1) Architectures, blueprints and trade-offs for advanced authentication and authorization models that allow access to partners, customers, end users and machines through heterogeneous clients such as web, mobile and M2M (machine-to-machine).
(2) The security of API clients, such as web and mobile clients, and the secure consumption of web-based APIs, including the handling of credentials (e.g. API keys, tokens and passwords).
(3) Server-based security through deployment and enforcement of security policies, and advanced security technologies such as API gateways, rate-limiting, logging and monitoring, as well as centralized and externalized authentication or authorization.

Secondly, this framework also provides leverage for other sectors and players.

Concrete goals and criteria

The concrete goals of the APISEC project are to broaden the knowledge of advanced API security technologies and to make that knowledge applicable, so that the adoption and application of these technologies for opening up web APIs in the fintech sector in Flanders is accelerated. This is addressed by enabling target audience members to go through 5 stages during a growth process:

1. Awareness of current security problems, insight into security requirements and needs for external web APIs.
2. Basic knowledge of relevant standards and technologies for API security such as JWT, OAuth2, etc.
3. Advanced knowledge of state-of-the-art API security technologies as defined in the knowledge structure of this project. These must be combined into a secure end-to-end solution, taking into account the advantages and disadvantages of trade-offs.
4. Definition of a concrete approach for API security and a security architecture based on 1, 2 and 3.
5. The realization and effective roll-out of an API security architecture.

Date: 1 Jan 2020 → 31 Dec 2021
Keywords: API security
Disciplines: Computer system security