Authorization complements authentication. It is not enough to just know who accesses your API or API operations, you want to make sure they are actually allowed to do so.

The OAuth 2.0 accessCode flow is considered the most secure way to provide API authorization.

Browse through this section to see the details of each API security risk related to authorization.