It’s important to remember, however, that OAuth 2.0 is still not a complete solution for securing APIs because it does not address how to protect the API’s infrastructure itself.