https://www.youtube.com/watch?v=6WZ6S-qmtqY
Tips
Use HTTPS
Use OAuth2
- Ask for permission
- Get an access token

Use WebAuthn
- Replaces password based auth
- Uses biometrics
Use Leveled API Keys
- Different API keys with different levels of access
- Example
- Read only key
- Write key
- Admin key
- Be sure to rotate keys still
- Expiration times are smart
Implement Authorization
- Use RBAC to control access
Rate Limiting
API Versioning