Best of Authorization, October 2025

  1. Article · System Design Codex · 28w

    Authorizing 10 Million API Calls Per Second

    LinkedIn authorizes tens of millions of API calls per second using Access Control Lists (ACLs) held by an in-memory authorization client inside each service, so a decision is a local lookup rather than a network call. The ACL data of record lives in LinkedIn's Espresso database, is cached in Couchbase, and changes are propagated to the clients through Brooklin change data capture. Every authorization decision is logged asynchronously through Kafka for monitoring and auditing, so logging never sits on the request path. The design balances fast checks, timely ACL updates, efficient data management, and comprehensive monitoring at that scale.
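    The pattern the summary describes, as an added illustration that is not LinkedIn's code: a per-service in-memory ACL copy that is seeded from a snapshot, kept current by applying ordered change events (standing in for the Brooklin CDC stream), queues each decision for asynchronous audit logging, and denies by default. The class and event names, the sequence-number scheme and the sample ACL rows are all assumptions constructed for this example.

```python
from collections import deque
from dataclasses import dataclass
from typing import Deque, Dict, Iterable, Set, Tuple


@dataclass(frozen=True)
class AclChange:
    """One change-data-capture event for an ACL row (hypothetical schema)."""
    seq: int           # position in the change stream; strictly increasing
    resource: str      # e.g. "api:/profiles"
    action: str        # e.g. "read"
    principal: str     # calling service or user identity
    grant: bool        # True = row inserted, False = row deleted


class AclClient:
    """Per-service in-memory ACL copy with deny-by-default lookups."""

    def __init__(self) -> None:
        # (resource, action) -> principals allowed
        self._acl: Dict[Tuple[str, str], Set[str]] = {}
        self._applied_seq = 0
        # Decisions are appended here; a background worker would drain the
        # queue to Kafka. Callers never block on the audit log.
        self.audit: Deque[dict] = deque()

    def load_snapshot(self, rows: Iterable[Tuple[str, str, str]], snapshot_seq: int) -> None:
        """Replace the local copy with a full snapshot taken at snapshot_seq."""
        acl: Dict[Tuple[str, str], Set[str]] = {}
        for resource, action, principal in rows:
            acl.setdefault((resource, action), set()).add(principal)
        self._acl, self._applied_seq = acl, snapshot_seq

    def apply_change(self, change: AclChange) -> bool:
        """Apply one change event; returns False if it was a replay."""
        if change.seq <= self._applied_seq:
            return False                       # already reflected in the snapshot
        if change.seq != self._applied_seq + 1:
            # A gap means a change was missed. Serving from a stale copy could
            # keep a revoked principal authorized, so refuse and force a reload.
            raise RuntimeError(f"gap in change stream at seq {change.seq}")
        key = (change.resource, change.action)
        if change.grant:
            self._acl.setdefault(key, set()).add(change.principal)
        else:
            self._acl.get(key, set()).discard(change.principal)
        self._applied_seq = change.seq
        return True

    def is_authorized(self, principal: str, resource: str, action: str) -> bool:
        """In-memory lookup; unknown resources and principals are denied."""
        allowed = principal in self._acl.get((resource, action), ())
        self.audit.append({"principal": principal, "resource": resource,
                           "action": action, "allowed": allowed,
                           "acl_seq": self._applied_seq})
        return allowed


def demo() -> dict:
    """Constructed scenario: snapshot, a replayed event, a revoke and a grant."""
    client = AclClient()
    client.load_snapshot(
        [("api:/profiles", "read", "svc-feed"),
         ("api:/profiles", "read", "svc-legacy")],
        snapshot_seq=10,
    )
    before = client.is_authorized("svc-legacy", "api:/profiles", "read")
    replayed = client.apply_change(AclChange(10, "api:/profiles", "read", "svc-legacy", True))
    client.apply_change(AclChange(11, "api:/profiles", "read", "svc-legacy", False))
    client.apply_change(AclChange(12, "api:/profiles", "write", "svc-feed", True))
    return {
        "legacy_before_revoke": before,
        "replay_applied": replayed,
        "legacy_after_revoke": client.is_authorized("svc-legacy", "api:/profiles", "read"),
        "feed_write": client.is_authorized("svc-feed", "api:/profiles", "write"),
        "unknown_denied": client.is_authorized("svc-feed", "api:/nothing", "read"),
        "audit_events": len(client.audit),
    }


if __name__ == "__main__":
    print(demo())
```

    The audit record carries the ACL sequence number the decision was made against, which is what lets an investigator later tell a correct deny from a stale-cache deny. The gap check is the caveat worth keeping: a client that silently skips a missed revoke is the failure mode this architecture has to design against.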

  2. Article · Lobsters · 28w

    I built an actually faster Notion in Rust

    A developer describes building Outcrop, a Rust knowledge-base alternative to Notion chosen for performance and simplicity. The project includes a custom Zanzibar-inspired authorization system, a tantivy-based search engine with sub-millisecond latency, and a Rust port of ProseMirror for real-time collaborative editing. The architecture prioritizes speed through in-memory authorization checks, permission-aware search, and microsecond-level document processing. The product targets software teams and aims to launch within six months at €10 per seat.

  3. Article · Faun · 31w

    OWASP Top 10 for Application Programming Interfaces

    Walks through the OWASP API Security Top 10, covering vulnerabilities such as broken object-level authorization (BOLA), broken authentication, and SSRF. Each entry is explained with code examples showing how attackers exploit the weakness and which defenses developers should implement. Includes guidance on authorization checks, rate limiting, input validation, configuration hardening, and API inventory management to prevent data breaches and system compromise.
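    An added example of the first entry, broken object-level authorization, written for this digest rather than taken from the article: a handler that authenticates the caller but never checks that the caller owns the requested object, beside a fixed version that scopes the lookup to the caller. The invoice records, handler names and the `probe`/`enumerate_ids` helpers are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List


@dataclass(frozen=True)
class Invoice:
    id: int
    owner_id: int
    total_cents: int


# Constructed data store: two users, one invoice each.
INVOICES: Dict[int, Invoice] = {
    1001: Invoice(1001, owner_id=1, total_cents=4200),
    1002: Invoice(1002, owner_id=2, total_cents=9900),
}


class NotFound(Exception):
    """Maps to HTTP 404 in a real API."""


def get_invoice_vulnerable(caller_id: int, invoice_id: int) -> Invoice:
    """BOLA: the caller is authenticated, but the object id from the request
    is used directly. Any logged-in user can read any invoice by id."""
    inv = INVOICES.get(invoice_id)
    if inv is None:
        raise NotFound(invoice_id)
    return inv


def find_invoice_for_owner(invoice_id: int, owner_id: int) -> Invoice:
    """Data-access layer: the ownership predicate is part of the lookup
    itself (the equivalent of WHERE id = ? AND owner_id = ?), so no handler
    can forget it."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner_id != owner_id:
        # Same error for "does not exist" and "belongs to someone else", so
        # the response does not confirm which ids are valid.
        raise NotFound(invoice_id)
    return inv


def get_invoice_fixed(caller_id: int, invoice_id: int) -> Invoice:
    """Fixed handler: the caller's identity, taken from the session and never
    from the request body, scopes the query."""
    return find_invoice_for_owner(invoice_id, owner_id=caller_id)


Handler = Callable[[int, int], Invoice]


def probe(handler: Handler, caller_id: int, invoice_id: int) -> str:
    """Outcome of one request as the client would observe it."""
    try:
        handler(caller_id, invoice_id)
        return "ok"
    except NotFound:
        return "not_found"


def enumerate_ids(handler: Handler, caller_id: int, ids: Iterable[int]) -> List[int]:
    """Attacker loop: walk a range of ids as one user and collect every
    invoice the API hands back. Against the vulnerable handler this returns
    other users' invoices; against the fixed one only the caller's own."""
    return [i for i in ids if probe(handler, caller_id, i) == "ok"]


if __name__ == "__main__":
    print("vulnerable:", enumerate_ids(get_invoice_vulnerable, 1, range(1000, 1010)))
    print("fixed:     ", enumerate_ids(get_invoice_fixed, 1, range(1000, 1010)))
```

    The point of putting the ownership predicate in `find_invoice_for_owner` rather than in the handler is that BOLA bugs are usually omissions: one of fifty endpoints forgets the check. A data-access layer that cannot return an object without a principal closes that class of omission, and rate limiting on the endpoint is the secondary control that slows the id sweep shown in `enumerate_ids`.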