OAuth secures APIs with a temporary, encrypted access token. This is much more secure than basic authorization, but also harder to implement. Because: which flow should be used in which situation? What is the difference between authorization and authentication? And are there any implementation constraints that you didn’t even think about? This talk will explain OAuth from its fundamentals to the implementation details. I will show a working setup, so when you leave you will be able to create your own secured API.