API Evangelist API Evangelist
API Learnings
APIs
API Governance
API Solutions
API Discovery
API Building Blocks
API Evangelist LLC
API Learnings
APIs
API Governance
API Solutions
API Discovery
API Building Blocks
API Evangelist LLC

Need help?

Contact us

OWASP API2 2023 Short Lived Access Tokens

Using short-lived access tokens is a good practice. When using OAuth 2, this is done by using refresh tokens. If a malicious actor is able to get hold of an access token then rotation means that token might not work by the time they try to use it.

#OWASP #Security #OAuth #Tokens #OpenAPI
← Back to all Rules
Rule Details
Severity error
Given $.components.securitySchemes[?(@.type=="oauth2")].flows[?(@property != "clientCredentials")]
Slug owasp-api2-2023-short-lived-access-tokens-error
Explore more

Navigate related API building blocks.

All Rules Policies Guidance Schemas