I have very specific experience in developing my own APIs as well as calling third-party public APIs (Amazon/AWS, Facebook, Twitter, LinkedIn, YouTube, PayPal, Stripe, Payment Gateways, Parallels Plesk etc.). Most of the public APIs use the OAuth method for the handshake between our application and their system, and hence require secret access tokens in order to communicate with them.

Also, with respect to custom API implementation, the following are important security methods that have been implemented by me:

- Secure interface for RESTful APIs using different HTTP request methods (GET / POST / PUT / DELETE / UPDATE)
- Refresh-token-based JWT Auth implementation, and HTTP Authorization headers
- Highly secure API access environment with different access tokens per request
- Every API has its associated access URL, and corresponding input and output parameters. Output of every API is in JSON format
- Language-specific API message response
- Custom web services for a couple of iOS and Android apps.