It's never been easier to launch a website or expose services over HTTP. It's also never been easier to make rookie mistakes in the authentication of those services.

This session is designed for the average developer/architect that's struggling to make sense of modern authentication options. You'll learn the differences between OAuth, API Keys, HMAC, JSON Web Tokens (JWT), SAML, OpenID Connect, and passkeys.

Don't worry if those things sound foreign; they'll be explained in a clear, practical way so that you can choose the appropriate tool for your needs without making rookie mistakes.

This is a re-tooled and re-written version of my "Securing Your API Endpoints". I've probably delivered it 10 times across all the iterations, but this version is dramatically improved.

I always get a few people each conference telling me that the talk was _exactly_ what they needed, and I'm quite confident that I can make it a good use of attendee time.

The most recent version includes an updated section on passwordless.