| Term | Definition |
| --- | --- |
| access_token | A temporary token that provides access to OAuth-protected APIs |
| API | Application Programming Interface. In the context of this book, they are mainly REST-based |
| API Key | An identifier of an application presented at an API |
| API management | A reference to all aspects of an API development environment: API developer onboarding, API documentation, API monetization, and API implementation, as well as the API lifecycle |
| CI/CD | Continuous Integration/Continuous Deployment |
| Contract first | Starting API development from documentation rather than from an implementation |
| CORBA | Common Object Request Broker Architecture |
| CSR | Certificate Signing Request |
| Docker | A container platform |
| Docker image | The source for a Docker container |
| ESB | Enterprise Service Bus |
| FAPI | Financial-grade API. A working group in the context of the OpenID Foundation |
| FIPS | Federal Information Processing Standards |
| ICAP | Internet Content Adaptation Protocol. An interface used, for example, to request a virus scan via an API call |
| IDP | Identity provider. A source of identities |
| IIW | Internet Identity Workshop. The place where OAuth 2.0 and OpenID Connect were initiated |
| JWE | JSON Web Encryption |
| JWKS | JSON Web Key Set. A list of public keys used to verify a JWS |
| JWS | JSON Web Signature |
| JWT | JSON Web Token. A JSON-based message format supporting digital signatures and encryption |
| LDAP | Lightweight Directory Access Protocol |
| Let’s Encrypt | A free service for issuing SSL certificates |
| Microservice | A term from microservice architecture. An API (microservice) serving one purpose only |
| Mobile first | An approach that supports mobile use cases and mobile users first |
| MVP | Minimum viable product. A version of a product that supports the least number of features required to make it usable |
| NFC | Near-field communication |
| NIST | National Institute of Standards and Technology |
| OAuth 2.0 | An authorization framework. It uses different types of tokens to provide access to OAuth-protected APIs |
| Omnipresence | Being represented on multiple platforms at the same time |
| OTP | One-time password |
| PCI | Payment Card Industry. Also PCI DSS, Payment Card Industry Data Security Standard |
| PSD2 | Payment Services Directive 2. A European law that forces banks to provide API access to accounts |
| QA | Quality assurance |
| RESTful | Representational State Transfer |
| RFC | Request for Comments. In the context of this book, RFC 6749, 7515, 7519 |
| Roadmap | An indication of features planned for the near future |
| SAML | Security Assertion Markup Language. An XML-based message format used for authentication and authorization |
| SCOPE (OAuth) | A list of values representing permissions in the context of OAuth |
| SLA | Service-level agreement |
| SOAP | Simple Object Access Protocol. An XML-based message format for exchanging data |
| Social login | The process of authenticating users by a username provided by a social platform |
| Step-up authentication | Requiring an authentication method that indicates higher trust than the previous authentication mechanism |
| Swagger | A machine-readable document describing an API definition |
| TLS | Transport Layer Security |
| WADL | Web Application Description Language |
| WAF | Web application firewall |
| WSDL | Web Service Description Language |
| YAML | YAML Ain’t Markup Language. A plain-text format, usually used for configuration |