11436 SSO

Best Practices for Building Secure APIs

Aug 30, 2018

Editor's note: API security remains a critical issue for our readers. For evidence, look no further than this article, the all-time most popular post on Apigee's "APIs and Digital Transformation" Medium publication. With that in mind, we reprise it here.

API (application programming interface) designers and developers generally understand the importance of adhering to design principles while implementing an interface. No one wants to design or implement a bad API!

Even so, it’s sometimes tempting to look for shortcuts to reach those aggressive sprint timelines, get to the finish line, and deploy an API. These shortcuts may pose a serious risk — unsecured APIs.

Developers should remember to wear the hat of an API hacker before deploying. If a developer neglects to identify the vulnerabilities in an API, the API could become an open gateway for malicious activity.

An API can work for or against its provider depending on how well the provider has understood and implemented its API users’ requirements. If a company builds an incredibly secure API, it might end up very hard to use. A fine balance needs to be struck between the purpose of an API and ease of consumption. In this article, we’ll explore some of the API vulnerabilities we’ve come across through our work as part of Google’s Apigee team, including how these vulnerabilities might have been prevented.

To continue reading, visit our Medium page

Apigee blog home page image: Simon Cocks/Flickr Creative Commons

Scaling Microservices