API Security
API security protects application programming interfaces from attacks by implementing authentication, authorization, and traffic management.
What is API Security?
API security encompasses the practices and technologies used to protect APIs from attacks and misuse. It includes authentication, authorization, input validation, rate limiting, and monitoring.
API Authentication Methods
- API Keys: a static shared secret that identifies the calling application rather than an end user; simple to issue, but it has no built-in expiry or scope and leaks easily through logs, URLs, and client-side code
- OAuth 2.0: delegated authorization; a client obtains a scoped, short-lived access token from an authorization server on behalf of the resource owner
- JWT: self-contained signed token; the verifier must pin the expected algorithm and key and check expiry and audience itself rather than trusting what the token's own header claims
- mTLS: mutual certificate authentication, where both client and server present certificates in the TLS handshake; well suited to service-to-service traffic
- OIDC: identity layer on OAuth 2.0 that adds a signed ID token describing the authenticated user
OWASP API Security Top 10
The 2019 edition lists Broken Object Level Authorization (BOLA), Broken User Authentication, Excessive Data Exposure, Lack of Resources & Rate Limiting, Broken Function Level Authorization, Mass Assignment, Security Misconfiguration, Injection, Improper Assets Management, and Insufficient Logging & Monitoring. The 2023 edition keeps BOLA at number one and reframes several entries: Excessive Data Exposure and Mass Assignment merge into Broken Object Property Level Authorization, and Lack of Resources & Rate Limiting becomes Unrestricted Resource Consumption.
Common Misconceptions
- "Internal APIs don't need security" - Assume breach: an attacker with a foothold on the network, or an SSRF bug in a public-facing service, reaches internal endpoints as easily as an insider does
- "Authentication equals authorization" - Different concerns: knowing who the caller is says nothing about which objects and operations they may use, which is why most BOLA findings are in authenticated endpoints
- "API gateways solve everything" - Part of the solution: a gateway can enforce authentication, rate limits, and schema validation at the edge, but object-level authorization and business-logic checks live in the service behind it
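The BOLA and Excessive Data Exposure entries above, and the point that authentication is not authorization, come down to one handler. The following is an added example, not code from the original page; the invoice records, user names, and the `Principal` type are constructed for it. It shows a handler that only checks that the caller is logged in (and so lets any user read any invoice by guessing IDs, and returns every internal field) beside a hardened version that checks ownership and serializes an allowlist of fields, plus a per-caller token bucket for the rate-limiting entry.

```python
from dataclasses import dataclass, field

# Constructed sample data: two users, each owning one invoice. The
# card_last4 and internal_margin fields must never leave the server.
INVOICES = {
    101: {"id": 101, "owner": "alice", "amount": 250, "card_last4": "4242", "internal_margin": 0.31},
    102: {"id": 102, "owner": "bob", "amount": 90, "card_last4": "1111", "internal_margin": 0.12},
}

# Fields a caller may see; everything else is dropped at serialization time.
INVOICE_PUBLIC_FIELDS = ("id", "owner", "amount")


@dataclass
class Principal:
    """The authenticated caller, as produced by the gateway or token check."""
    user_id: str
    roles: set = field(default_factory=set)


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


def get_invoice_vulnerable(principal, invoice_id: int) -> dict:
    """BOLA: the handler verifies that *someone* is logged in, then trusts the
    client-supplied ID. Any user can read any invoice, and the whole record,
    internal fields included, is returned."""
    if principal is None:
        raise Forbidden("login required")
    return INVOICES[invoice_id]


def get_invoice(principal, invoice_id: int) -> dict:
    """Hardened: authorization is checked against the object itself (owner or
    admin role), and only allowlisted fields are serialized."""
    if principal is None:
        raise Forbidden("login required")
    record = INVOICES.get(invoice_id)
    # Missing and foreign objects both get 404 so IDs cannot be enumerated
    # by telling 403 apart from 404.
    if record is None or (record["owner"] != principal.user_id and "admin" not in principal.roles):
        raise NotFound(f"invoice {invoice_id}")
    return {k: record[k] for k in INVOICE_PUBLIC_FIELDS}


class TokenBucket:
    """Per-caller rate limit: `capacity` requests, refilled at `rate` per second.
    Time is passed in explicitly so the behaviour is deterministic."""

    def __init__(self, capacity: int, rate: float):
        self.capacity, self.rate = capacity, rate
        self._buckets = {}  # caller key -> (tokens, last_seen)

    def allow(self, key: str, now: float) -> bool:
        tokens, last = self._buckets.get(key, (float(self.capacity), now))
        tokens = min(float(self.capacity), tokens + (now - last) * self.rate)
        if tokens < 1:
            self._buckets[key] = (tokens, now)
            return False
        self._buckets[key] = (tokens - 1, now)
        return True


if __name__ == "__main__":
    bob = Principal("bob")
    print("vulnerable, bob reads alice's invoice:", get_invoice_vulnerable(bob, 101))
    try:
        get_invoice(bob, 101)
    except NotFound as e:
        print("hardened, bob is refused:", e)
    print("hardened, bob reads his own:", get_invoice(bob, 102))
    limiter = TokenBucket(capacity=3, rate=1.0)
    print("burst of 4 at t=0:", [limiter.allow("bob", 0.0) for _ in range(4)])
```

The limiter keys on the authenticated principal rather than on the source IP, so the limit cannot be evaded by rotating addresses; the ownership check deliberately consults the stored record rather than anything the client sent.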