Secure

This stage is about securing the access and operations surrounding each API, ensuring only those who should have access are able to make requests and publish messages. Security is about establishing an organization-wide approach to how API authentication works and how encryption is applied, as well as secrets, roles, and the way APIs are fuzzed and scanned for vulnerabilities. You must provide teams with everything they need to secure each API and the operations around it, consistently securing the expanding API landscape.

There are many layers of t security for producing and consuming APIs. Organizations are increasingly making security a priority earlier on in the API life cycle, instead of after an API goes live. This evolution is often described as shifting left or investing in security earlier in the life cycle and equipping API teams with proven approaches to delivering more secure APIs.

API security doesn’t stop at authentication and authorization of each API. It and should include data in transport, the operations around each API, and security concerns for both producers and consumers. A known API life cycle, combined with well-defined security practices, gets teams up to speed with what matters most for securing APIs.

---

Related

• →  How Can I Test That My API Requires an API Key
• →  People Are Aware Of Public APIs But Less Aware Of Mobile APIs
• →  Sadly Stack Exchange Blocks API Calls Being Made From Any Of Amazon's IP Block
• →  Twice The Dose Of Vanick Digital At APIStrat in Nashville, TN Next Month
• →  Practical SecDevOps for APIs From @42Crunch At APIStrat In Nashville This Fall
• →  Ping Identity Acquires ElasticBeam To Establish New API Security Solution
• →  People Still Think APIs Are About Giving Away Your Data For Free
• →  Making Connections At The API Management Layer
• →  Facebook And Twitter Only Now Beginning To Police Their API Applications
• →  OpenAPI Is The Contract For Your Microservice