Best Practices for API Security

23 Sep 2021

Application Programming Interfaces (APIs) facilitate communications between systems and/or services for the exchange of data, as well as providing other services. Most modern web and mobile applications make use of APIs. A high-level architecture of an API implementation is shown below.

WHY API SECURITY IS IMPORTANT

APIs are widely adopted, as they are generally built on open standards and loosely coupled. However, the significance of APIs has attracted the attention of hackers. Gartner predicted that by 2022, APIs will become the most frequent attack vector, causing data breaches for enterprise web applications. Hence, it is crucial to secure APIs.

RISK APPROACH FOR MANAGING APIs

The table below shows examples of potential threat scenarios along with their corresponding mitigation measures.

In addition to these mitigation measures for securing API implementation, developers should adopt secure coding practices during development and keep up-to-date API documentation for all the APIs published. These measures will help to reduce opportunistic attacks on vulnerable codes and provide visibility to the coverage of authorised APIs’ access to sensitive data.