Looking for best practices for creating secure APIs, some of which are restricted to authenticated users while others are open.
I came across the API protection features, but that ties into Azure, as it appears, and the client wants other options, so I'm looking for other middleware(s).
Auth is via OAuth2/OpenID.
Some of the features would be:
- role-based access
- mixed access - public & private APIs
- rate limiting / throttling
- possibility of limiting/blocking bad actors/clients
And any others that go along with the stack :)
Most of the articles/resources using Google etc. are dated, so I'm looking for current/modern best practices/libraries.