{
  "id": "bbg-p0016-api-gateways-and-contracts-api",
  "title": "API Security Control Checklist",
  "chapter": "api-gateways-and-contracts",
  "batch": "04",
  "rank": 35,
  "sourcePage": 16,
  "sourcePointer": "p. 16",
  "status": "accepted",
  "reviewerStatus": "reviewed",
  "fidelityScore": 0.9,
  "canvas": {
    "width": 960,
    "height": 640
  },
  "fireworksTechGraph": {
    "style": "style-1-flat-icon",
    "diagramType": "comparison",
    "topologyNotes": [
      "source page render inspected",
      "extracted page text inspected",
      "preserve API security controls: HTTPS, OAuth2, WebAuthn, scoped API keys, authorization, validation, rate limits, and monitoring",
      "omit source branding, mascot artwork, and copied checklist styling"
    ],
    "publicBoundary": [
      "original vector output",
      "no source pixels",
      "no source mark or long wording"
    ]
  },
  "callouts": [],
  "sourceReview": {
    "conceptAnchors": [
      "concept: HTTPS",
      "concept: OAuth2",
      "concept: WebAuthn",
      "concept: scoped API keys",
      "concept: authorization"
    ],
    "labelSource": "curated",
    "semanticStatus": "reviewed"
  },
  "groups": [
    {
      "id": "identity",
      "label": "Identity and access",
      "x": 70,
      "y": 126,
      "w": 360,
      "h": 300
    },
    {
      "id": "runtime",
      "label": "Runtime protection",
      "x": 530,
      "y": 126,
      "w": 360,
      "h": 300
    }
  ],
  "shapes": [
    {
      "id": "https",
      "kind": "rect",
      "label": "HTTPS",
      "detail": "transport",
      "x": 118,
      "y": 164,
      "w": 126,
      "h": 58,
      "tone": "blue"
    },
    {
      "id": "oauth",
      "kind": "rect",
      "label": "OAuth2",
      "detail": "delegation",
      "x": 276,
      "y": 164,
      "w": 126,
      "h": 58,
      "tone": "purple"
    },
    {
      "id": "webauthn",
      "kind": "rect",
      "label": "WebAuthn",
      "detail": "strong login",
      "x": 118,
      "y": 284,
      "w": 126,
      "h": 58,
      "tone": "green"
    },
    {
      "id": "keys",
      "kind": "rect",
      "label": "Scoped keys",
      "detail": "least privilege",
      "x": 276,
      "y": 284,
      "w": 126,
      "h": 58,
      "tone": "orange"
    },
    {
      "id": "authz",
      "kind": "diamond",
      "label": "Authorization",
      "detail": "allow?",
      "x": 418,
      "y": 432,
      "w": 124,
      "h": 84,
      "tone": "red"
    },
    {
      "id": "validate",
      "kind": "rect",
      "label": "Validation",
      "detail": "input schema",
      "x": 578,
      "y": 164,
      "w": 126,
      "h": 58,
      "tone": "teal"
    },
    {
      "id": "limits",
      "kind": "rect",
      "label": "Rate limits",
      "detail": "abuse guard",
      "x": 736,
      "y": 164,
      "w": 126,
      "h": 58,
      "tone": "red"
    },
    {
      "id": "monitor",
      "kind": "rect",
      "label": "Monitoring",
      "detail": "detect",
      "x": 658,
      "y": 284,
      "w": 126,
      "h": 58,
      "tone": "gray"
    }
  ],
  "connectors": [
    {
      "from": "https",
      "to": "oauth",
      "label": "secure",
      "flow": "main"
    },
    {
      "from": "oauth",
      "to": "keys",
      "label": "scope",
      "flow": "control"
    },
    {
      "from": "webauthn",
      "to": "authz",
      "label": "identity",
      "flow": "data"
    },
    {
      "from": "keys",
      "to": "authz",
      "label": "permission",
      "flow": "control"
    },
    {
      "from": "validate",
      "to": "limits",
      "label": "guard",
      "flow": "control"
    },
    {
      "from": "limits",
      "to": "monitor",
      "label": "signal",
      "flow": "data",
      "dashed": true
    },
    {
      "from": "monitor",
      "to": "authz",
      "label": "review",
      "flow": "data",
      "dashed": true
    }
  ]
}
