Security Boulevard

API Keys vs. JWTs: Choosing the Right Auth Method for Your API

A developer needs to connect a service to an API. The documentation says to generate an API key, store it in an environment variable and pass it in a header. Five minutes later, the integration works.
Computerworld

How to perform basic API authorization for mobile applications

You have a lot of options to choose from when laying out an authorization structure for mobile applications that communicate with a web API. For basic scenarios with low to medium security ...