a Privilege, not a Right!
▸ Learn OAuth 2, OIDC, JWT and Bearer Tokens
▸ Secure EVERY endpoint (yes, that’s expensive; there’s no such thing as a “session”)
▸ Don’t build your own AuthN/AuthZ solution!!!
▸ Use API keys, but don’t rely on them
▸ Use Access Control Lists (ACLs)
SERVERLESS SECURITY