Required

This section covers rules around paths and resource addressing in API’s.

Every resource server must provide a set of standard endpoints to ensure that clients can discover and interact with the service.

How to determine whether a user, system, or other principal has the necessary permissions to perform an action or access a resource.

Cookies are a bad idea. Don’t use them.

A full implementation of the W3C’s Cross-Origin Resource Sharing (CORS) specification is required.

A variety of headers that can be added to every response to help protect your API from common web security vulnerabilities.

Tag: Required