Security Intermediate

What is API Security?

Practices and mechanisms for protecting APIs from unauthorized access, data breaches, and abuse.

API security encompasses authentication (verifying identity: API keys, OAuth tokens, JWTs), authorization (verifying permissions: scopes, RBAC), transport security (HTTPS/TLS), input validation (preventing injection), rate limiting (preventing abuse), and monitoring (detecting anomalies).

Common vulnerabilities include Broken Object Level Authorization (BOLA: reading or modifying another user's object by substituting its ID in a request, because the server checks that the caller is authenticated but not that the caller is allowed to access that particular object), excessive data exposure (returning more fields than the client needs and relying on the client to discard the rest), and mass assignment (binding every field in a request body to the underlying object, including fields the client should not be able to set). The OWASP API Security Top 10 lists the most critical API risks.

Best practices include using short-lived tokens, validating all inputs, implementing proper error handling that does not leak internal details, and logging all API access for audit.
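The three vulnerabilities named above are easiest to recognise side by side with their fixes. The following Python is an added example written for this glossary entry, not code from the page or from any framework it mentions; the users, orders, handler names and error type are all constructed for illustration. Each vulnerable handler is paired with a hardened one, and a small `handle` wrapper shows error handling that returns a generic message to the client instead of the exception.

```python
"""Added example: BOLA, excessive data exposure and mass assignment, each
beside its hardened counterpart. All data and handler names are constructed."""

# Constructed in-memory store standing in for a database (not from the page).
USERS = {
    1: {"id": 1, "email": "alice@example.com", "display_name": "Alice",
        "password_hash": "<constructed-hash>", "is_admin": False},
    2: {"id": 2, "email": "bob@example.com", "display_name": "Bob",
        "password_hash": "<constructed-hash>", "is_admin": False},
}
ORDERS = {
    100: {"id": 100, "owner_id": 1, "total_cents": 4200},
    101: {"id": 101, "owner_id": 2, "total_cents": 9900},
}


class ApiError(Exception):
    """Error that is safe to surface to the client (hypothetical type)."""

    def __init__(self, status, message):
        super().__init__(message)
        self.status = status
        self.message = message


# 1. Broken Object Level Authorization --------------------------------------

def get_order_vulnerable(caller_id, order_id):
    # Vulnerable: authenticated caller is trusted for ANY order id.
    return dict(ORDERS[order_id])


def get_order_hardened(caller_id, order_id):
    # Hardened: the object's owner must be the caller. Missing and foreign
    # orders get the same response so ids cannot be enumerated.
    order = ORDERS.get(order_id)
    if order is None or order["owner_id"] != caller_id:
        raise ApiError(404, "order not found")
    return dict(order)


# 2. Excessive data exposure -------------------------------------------------

PROFILE_FIELDS = ("id", "email", "display_name")   # allowlist of fields to return


def get_me_vulnerable(caller_id):
    # Vulnerable: serialises the whole record, including password_hash/is_admin.
    return dict(USERS[caller_id])


def get_me_hardened(caller_id):
    # Hardened: only the allowlisted fields leave the server.
    record = USERS[caller_id]
    return {k: record[k] for k in PROFILE_FIELDS}


# 3. Mass assignment ---------------------------------------------------------

WRITABLE_FIELDS = {"display_name", "email"}          # allowlist of fields clients may set


def update_me_vulnerable(caller_id, body):
    # Vulnerable: every field in the body is written, so is_admin can be set.
    USERS[caller_id].update(body)
    return dict(USERS[caller_id])


def update_me_hardened(caller_id, body):
    # Hardened: unexpected fields are rejected, only writable ones are applied.
    unexpected = set(body) - WRITABLE_FIELDS
    if unexpected:
        raise ApiError(400, "unexpected field(s): " + ", ".join(sorted(unexpected)))
    USERS[caller_id].update({k: body[k] for k in WRITABLE_FIELDS if k in body})
    return get_me_hardened(caller_id)


# Error handling that does not leak details ---------------------------------

def handle(fn, *args):
    """Run a handler and map exceptions to (status, json) without leaking
    stack traces or internal messages; ApiError is the only client-safe one."""
    try:
        return 200, fn(*args)
    except ApiError as e:
        return e.status, {"error": e.message}
    except Exception:
        # Real code would log the exception server-side for audit here.
        return 500, {"error": "internal error"}


if __name__ == "__main__":
    # Alice (id 1) asks for Bob's order: vulnerable handler serves it, hardened denies it.
    print(handle(get_order_vulnerable, 1, 101))
    print(handle(get_order_hardened, 1, 101))
    print(handle(update_me_hardened, 1, {"display_name": "A.", "is_admin": True}))
```

Running the module prints Bob's order from the vulnerable handler, a 404 from the hardened one, and a 400 for the body that tries to set `is_admin`. The pattern in all three fixes is the same: the server, not the client, decides which objects and which fields are in scope, using explicit allowlists and an ownership check per object.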

Related Terms

SAST (Static Application Security Testing)
Automated analysis of source code to find security vulnerabilities without executing the application.
Supply Chain Attack
A cyberattack that targets less-secure elements in the software supply chain to compromise downstream users and organizations.
Vulnerability Scanning
Automated testing that identifies known security weaknesses in systems, applications, and network infrastructure.
Phishing
A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.
SIEM (Security Information and Event Management)
A platform that collects, correlates, and analyzes security events from across an organization to detect threats and incidents.
OWASP Top 10
A regularly updated list of the ten most critical web application security risks, published by the Open Web Application Security Project.