Explore strategies for securing and managing access to web APIs in this EuroPython 2020 conference talk. Learn about token-based authentication, scoping for access levels, and implementing JWT strategies for both third-party integrations and single-page applications. Discover best practices for storing JWTs in browsers and controlling access privileges using structured scopes. Gain insights into various authentication methods, including cookies, headers, and session-based requests. Understand the challenges of securing APIs for both direct and browser-based access, and explore solutions using JSON Web Tokens. Apply these concepts to any web API framework, with a focus on implementation using the Sanic async web framework.