As API usage continues to grow, so too does the need to secure APIs to prevent incidents, leakages, and outages. “Authorization issues are the cause of more than 50% of API security problems,” he said.

O’Neill listed five steps to ensuring your APIs are secure: Inventory — list all APIs: internal, external, SaaS-based, etc.

Secure Beyond the API Gateway

API gateways (https://thenewstack.io/dont-be-fooled-api-gateways-arent-a-security-panacea/) provide basic security by authenticating users of the API, checking any security policies configured for that API, and generating JWTs (https://thenewstack.io/jwts-connecting-the-dots-why-when-and-how/) for passing IDs and associated policies to the next API in the call chain, if any.

Authorization is the largest vulnerability area that is not protected well and represents the biggest current risk for API security.
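
The gateway-to-service hand-off described above, as an added example that is not from the original article: the gateway mints a JWT carrying the caller's ID and scopes, and the downstream service re-verifies it and then makes the per-object authorization decision the gateway cannot make. It assumes an HS256 key shared by gateway and service; `gateway_issue`, `verify`, `get_order` and the `ORDERS` data are hypothetical names and constructed sample values.

```python
import base64, hashlib, hmac, json, time

GATEWAY_KEY = b"constructed-demo-key"  # assumption: HS256 key shared by gateway and service
ORDERS = {"o-1": {"owner": "alice"}, "o-2": {"owner": "bob"}}  # constructed sample data

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def gateway_issue(sub: str, scopes: list, ttl: int = 60, key: bytes = GATEWAY_KEY) -> str:
    """Gateway side: mint a JWT carrying the caller's ID and policy (scopes)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "scope": scopes, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def verify(token: str, key: bytes = GATEWAY_KEY) -> dict:
    """Service side: re-verify the token instead of trusting the network path."""
    try:
        header, body, sig = token.split(".")
        alg = json.loads(_unb64(header)).get("alg")
        claims = json.loads(_unb64(body))
        given = _unb64(sig)
    except (ValueError, AttributeError):
        raise PermissionError("malformed token")
    if alg != "HS256":  # pin the algorithm; never take it from the token
        raise PermissionError("unexpected algorithm")
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise PermissionError("bad signature")
    if claims.get("exp", 0) < time.time():
        raise PermissionError("expired token")
    return claims

def get_order(token: str, order_id: str) -> dict:
    """Authorization the gateway cannot do: is this caller allowed this object?"""
    claims = verify(token)
    if "orders:read" not in claims.get("scope", []):
        raise PermissionError("missing scope")
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != claims.get("sub"):
        raise PermissionError("not authorized for this order")
    return order
```

A token that is valid at the gateway still fails `get_order` for another user's order, which is the check that has to live in the service itself.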
