Ultimate ASP.NET 5 Web API Development Guide - Section Overview - Securing Your Application

It is suitable for public APIs.

It provides high security for mobile users.

It requires constant updates to IP lists.

It is easy to manage.

It is difficult to implement.

It requires frequent IP address changes.

It adds system overhead with database calls.

It does not require a username and password.

API keys can be easily spoofed if exposed.

API keys are not encoded.

API keys are more secure than basic authentication.

API keys do not require verification.

API keys are not suitable for private APIs.

API keys require frequent password changes.

API keys can be used by unauthorized users if exposed.

API keys are always encrypted.

They include sensitive information.

They are valid indefinitely.

They have a limited lifetime.

They require IP whitelisting.

They include sensitive user information.

They require frequent reissuance.

They eliminate the need for database calls.

They are easy to decode.

Sensitive information

Token expiration time

Claims

User ID