Curated Tech Reading Map

Find your next tech book to read

Goal

The path to "セキュアAPI"

Here is the reading path leading up to this book, derived from its dependencies and ordered from the fundamentals.

The path so far (8 books)

  1. Why read this first: Only with a foundation in signatures and public-key cryptography can you correctly understand token-based authorization. OAuth 2.0 is the de facto standard for delegating privileges; learn its grant types and flows from first principles.

  2. Why read this first: Grasping the whole picture of ID management—from signup to logout to identity federation—in plain language lays the groundwork for the more specialized, detailed implementation covered by the OAuth 2.0 and OIDC protocol specs. Having organized the relationships among identity verification, authentication, and session management in Getting Started with Digital Identity makes it easier to place the authorization code flow and token validation covered in OpenID Connect Primer.

  3. Why read this first: Once you understand how TCP/IP and HTTP work, the design decisions of REST APIs built on top of them make sense down to the 'why.' Web API: The Good Parts offers practical guidance on URIs, methods, and status codes grounded in HTTP semantics.

  4. OAuth徹底入門

    Why read this first: OAuth 2.0 is fundamentally an authorization protocol, and misusing it for pseudo-authentication breeds vulnerabilities. Advancing to OIDC, which standardizes identity verification, clarifies how to build correct authentication, including ID token validation.

  5. Webを支える技術

    Why read this first: Once you have the Web's foundational technologies down, you move to the practice of designing 'good APIs' with them. Web API: The Good Parts offers established patterns for URI design, error representation, and versioning faithful to HTTP semantics, turning principles into design decisions.

  6. Web API: The Good Parts

    Why read this first: Once you've grasped the basics of REST design, you advance to describing and sharing an API as a 'contract.' The Design of Web APIs presents a spec-driven design process with OpenAPI, giving you a repeatable way to build consistent APIs across a team.

  7. Web APIの設計

    Why read this first: Having grasped the practice of API design—contract-first with OpenAPI, pagination, versioning—you start to see the next challenge: how to build security into that design. Secure APIs builds up a shift-left perspective, addressing authentication/authorization vulnerabilities and API configuration risks starting from the design stage.

  8. Why read this first: Once you understand OIDC's authorization code flow and JWT validation at the implementation level, widen your view to the security of the API as a whole. This book covers not only vulnerabilities rooted in authentication and authorization, but also API configuration risks, financial-grade API requirements, observability, and testing — building security in from the design stage.