Security
Dev/Test
Public endpoints
API Token
https
Design for stateless
No direct data access
Prod
API gateway/tokens
Network policy – masking
Client cert (mTLS)
OAuth – username/password
https – encrypted
Input hashed in response