APIs offer app developers tremendous potential to build innovative tools that leverage a customer's existing data. But navigating the world of API authorization, with its maze of acronyms and protocol flows, can be confusing. Do you have an API token or an access token? What's the difference between 2-legged OAuth, 3-legged OAuth, and OpenID Connect? And how does all this protect my users' passwords while giving my apps the ability to access their data? If you do it right, you open up tremendous opportunities, but if you do it wrong, you can put your apps and your users' data at risk.

In this session, we'll demystify the key concepts of API authorization, discuss how it relates to Atlassian public APIs (now and in the future), and describe best practices for securing your apps.

Please take the opportunity to connect with your friends and family and share this video with them if you find it useful.