> For the complete documentation index, see [llms.txt](https://docs.devland.is/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devland.is/technical-overview/api-design-guide/security.md).

# Security

## OWASP Top 10

The OWASP Foundation is known for its top ten web application security risks. Now the foundation has also collected the top ten security considerations for API projects.

Developers should know of and review these items regularly against their APIs.

<https://owasp.org/www-project-api-security/>

## Authentication & Authorisation

island.is provides a Authentication Service, see its documentation for further details on authentication flows and authorisation of endpoints.

<https://docs.devland.is/technical-overview/auth>
