What’s my preferred system level integration authentication
It is very common for one system to need to talk to another in this digital era. Systems no longer exist in isolation. As more systems are integrated, verifying that a system is who it claims to be has become important, especially with increasing cyber security risk.
From past experience, I’d recommend the following ways to secure your integration (API based):
- Mutual TLS OAuth 2.0 (mTLS OAuth 2.0)
- Plain OAuth 2.0
- Basic authentication
  - In body of request
  - In header
  - NEVER as a parameter
- API key only – this shouldn’t be considered a form of authentication, as it’s meant for tracking purposes only
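
A server-side check for the Basic authentication placement rules above, written as an added example and not code from the original post: it accepts credentials only from the `Authorization` header and rejects any request that carries credential-like query parameters, since query strings are routinely recorded in access logs and proxies. The parameter names, host name and account values are constructed assumptions; the request-body case is not covered.

```python
import base64
import hmac
from urllib.parse import urlsplit, parse_qs

# Constructed list of parameter names that usually carry secrets (assumption).
SENSITIVE_PARAMS = {"user", "username", "password", "passwd", "token",
                    "access_token", "api_key", "apikey", "client_secret"}

def basic_header(user, password):
    """Client side: build the Authorization header value for Basic auth."""
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def credentials_in_query(url):
    """Return sorted names of credential-like query parameters in the URL."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return sorted(name for name in params if name.lower() in SENSITIVE_PARAMS)

def parse_basic_header(headers):
    """Return (user, password) from an Authorization: Basic header, else None."""
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    scheme, _, encoded = value.partition(" ")
    if scheme.lower() != "basic" or not encoded:
        return None
    try:
        decoded = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def authenticate(url, headers, expected_user, expected_password):
    """Return (status_code, reason) for one incoming request."""
    leaked = credentials_in_query(url)
    if leaked:
        # Refuse even if the values are correct, so callers fix the client.
        return 400, "credentials in query string: " + ", ".join(leaked)
    creds = parse_basic_header(headers)
    if creds is None:
        return 401, "missing or malformed Basic credentials"
    # Constant-time comparison; evaluate both so timing does not reveal which failed.
    user_ok = hmac.compare_digest(creds[0].encode(), expected_user.encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), expected_password.encode())
    if not (user_ok and pass_ok):
        return 401, "invalid credentials"
    return 200, "ok"
```

A request rejected with 400 here has already exposed its secret to anything that logged the URL, so the credential should be rotated.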