What is API Security?
Web API security is the application of security best practices to web APIs, which are prevalent in modern applications. It includes API access control and privacy, as well as the detection and remediation of attacks on APIs carried out through API reverse engineering and the exploitation of API vulnerabilities, as described in the OWASP API Security Top 10.
Whether an application is targeting consumers, employees, partners or otherwise, the client side of an application (e.g., a mobile app, a web app) interacts with the server side of an application via an Application Programming Interface (API). Simply put, APIs make it easy for a developer to create a client-side app. Microservice architectures are also made possible by APIs.
Because they’re often available over public networks (accessible from anywhere), APIs are typically well documented or easily reverse-engineered. They are also highly sensitive to denial-of-service (DDoS) incidents, which makes them attractive targets for bad actors.
An attack might include bypassing the client-side application in an attempt to disrupt the functioning of an application for other users or to breach private information. API security is focused on securing this application layer and addressing what can happen if a malicious hacker were to interact with the API directly.
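The point above, that the API must hold up when a caller skips the client app and talks to it directly, shown as an added example that is not part of the original page: a minimal Python request handler that enforces authentication, object ownership and a writable-field allowlist on the server. The account data, tokens and function names are constructed for illustration.

```python
# Constructed sample data: two accounts owned by different users.
ACCOUNTS = {
    "acct-1": {"owner": "alice", "balance": 120, "email": "alice@example.test"},
    "acct-2": {"owner": "bob", "balance": 75, "email": "bob@example.test"},
}
# Constructed session store (token -> authenticated user); stands in for real auth.
SESSIONS = {"token-alice": "alice", "token-bob": "bob"}
# Fields a caller may change; everything else is server-controlled.
WRITABLE_FIELDS = {"email"}


def handle_get_account(token, account_id):
    """Return (status, body) for a read, with every check done server-side."""
    user = SESSIONS.get(token)
    if user is None:
        return 401, {"error": "unauthenticated"}
    account = ACCOUNTS.get(account_id)
    # Same answer for "missing" and "not yours", so the response does not
    # reveal which account IDs exist.
    if account is None or account["owner"] != user:
        return 404, {"error": "not found"}
    return 200, {"id": account_id, "balance": account["balance"],
                 "email": account["email"]}


def handle_update_account(token, account_id, payload):
    """Return (status, body) for an update; the client UI is never trusted."""
    status, body = handle_get_account(token, account_id)
    if status != 200:
        return status, body
    # The client app may only expose an e-mail field, but a direct caller can
    # send anything, so the server validates shape, field names and values.
    if not isinstance(payload, dict):
        return 400, {"error": "body must be an object"}
    rejected = sorted(set(payload) - WRITABLE_FIELDS)
    if rejected:
        return 400, {"error": "fields not writable", "fields": rejected}
    email = payload.get("email")
    if email is not None and (not isinstance(email, str)
                              or "@" not in email or len(email) > 254):
        return 400, {"error": "invalid email"}
    ACCOUNTS[account_id].update(payload)
    return handle_get_account(token, account_id)
```
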