
Security for the API Economy


APIs are key to the digital transformation strategies for enterprises, which means that securing APIs is as important as securing your web applications, if not more.


The term “API economy” has become part of the business vernacular because APIs have proven to be a great way for businesses to increase their value by making their core functionality available to more people. I’ve worked extensively with APIs in my career and I’ve been amazed at how the API economy has developed. I am also a beneficiary of this new API economy – from getting the best deal on Amazon to booking all my travel through my company’s travel portal to getting a dinner reservation through Yelp.

APIs are key to the digital transformation strategies for enterprises. APIs transform businesses into platforms that “facilitate the creation and/or exchange of goods, services, and social currency so that all participants are able to capture value,” to quote Kristin R. Moyer, vice president and distinguished analyst at Gartner.

Securing APIs is as important as securing your web applications, if not more. This is because:

  1. APIs expose your core transactional system to the outside world in an unprecedented way. Many of these core transactional systems were never meant to be made available publicly. So it’s very important that we test APIs for security; in fact, we should probably worry even more about API security than we do about web application security.
  2. Once you have an API out there, it can embed your business into other people’s business in a way that was never possible before. If your API is insecure, it means that your insecurity has now percolated into your partner businesses’ overall security posture. Hence, when you start writing your API, you’d better be thinking about its security. I’d encourage the reader to visit https://developer.uber.com/ and see how Uber (via its API) is now integrated into United, Amazon, Foursquare, TripAdvisor, moovit, and many more businesses.

You may think that having an API management tool solves the API security problem. Having an API management tool or service is merely a first step to API security, not the only one. API management tools provide security policies that work at the perimeter, but they play no role in securing the business logic that serves the APIs. You need application security testing tools to help you write APIs that are secure inside-out.


Published at DZone with permission of Setu Kulkarni. See the original article here.
