{"id":17161,"date":"2023-07-12T09:30:00","date_gmt":"2023-07-12T13:30:00","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=17161"},"modified":"2023-08-10T07:58:41","modified_gmt":"2023-08-10T11:58:41","slug":"what-is-api-security-and-how-do-you-achieve-it","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/what-is-api-security-and-how-do-you-achieve-it\/","title":{"rendered":"What Is API Security &amp; How Do You Achieve It? 10 Essential Methods to Know"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-salt-s-research-shows-that-17-of-organizations-have-experienced-a-breach-resulting-from-an-api-security-gap-don-t-become-one-of-them\"><a href=\"https:\/\/content.salt.security\/state-api-report.html\">Salt<\/a>\u2019s research shows that 17% of organizations have experienced a breach resulting from an API security gap. Don\u2019t become one of them.<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Data from Salt underscores why API security (i.e., application programming interface security) is so important. The firm\u2019s<a href=\"https:\/\/content.salt.security\/state-api-report.html\"> <\/a>State of API Security Report Q1 2023 observes a 400% increase in unique attacks on its customers compared to the previous six months, with 31% experiencing sensitive data exposure. One result of this is that API security is no longer seen as simply an engineering concern: It is now increasingly on C-level executives\u2019 radar.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/privacy.twitter.com\/en\/blog\/2022\/an-issue-affecting-some-anonymous-accounts\">Twitter\u2019s 2022 API security breach<\/a> serves as just one example of the dangers relating to API vulnerabilities. A <a href=\"https:\/\/venturebeat.com\/security\/twitter-breach-api-attack\/\">security vulnerability first disclosed<\/a> in December 2021 resulted in hackers stealing data belonging to over 5.4 million Twitter users. They released the data on the dark web in July 2022, causing the company plenty of embarrassment and reputational damage.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If your organization doesn\u2019t want to follow in Twitter\u2019s footsteps, it\u2019s time to focus on API security. This article provides an overview of 10 important API security methods to know and implement within your organization.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s hash it out.<span id=\"newline\"><\/span><\/p>\n\n\n<span style=\"--tl-form-height-m:150.25px;--tl-form-height-t:121.4583px;--tl-form-height-d:121.4583px;\" class=\"tl-placeholder-f-type-shortcode_12753 tl-preload-form\"><span><\/span><\/span>\n\n\n<h2 class=\"wp-block-heading\" id=\"h-defining-api-security-and-its-importance\"><a><\/a>Defining API Security and Its Importance<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">API security refers to the holistic approach you take to keep your APIs safe against malicious attacks. It encompasses a wide range of security practices, tools, documentation, and procedures \u2014 all designed to ensure that businesses can prevent API attacks and mitigate any damage when such attacks do take place.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The use of APIs in public and private sectors has exploded in the past few years. These interfaces now underpin vital IT infrastructure around the globe and can be found in the digital environments of everything from financial and government organizations to healthcare services. Given their popularity and widespread usage, it\u2019s time to put application programming interface security under the microscope.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Given that APIs expose data and application logic, API security has become hugely important to businesses. From a technical perspective, web API security largely involves (although it\u2019s not limited to):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Implementing authorization and authentication processes.<\/strong> You can do this through methods such as using static strings, tokens (either dynamic or user-delegated), etc. This approach ensures that you are in full control of who accesses your API and how they do so.<\/li>\n\n\n\n<li><strong>Creating and rolling out policy-based access controls.<\/strong> This approach enables you to implement security via policies, rather than doing so for each individual product. This is ideal for those exposing multiple APIs.<\/li>\n\n\n\n<li><strong>Instituting role-based access controls.<\/strong> This enables a granular approach to access levels, with differing access linked to different roles within your organization.<\/li>\n\n\n\n<li><strong>Implementing rate limiting<\/strong>. This will help you to ensure that your API is protected from excessive system traffic that can bring everything to a standstill, thus protecting against <a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-a-ddos-attack\/\">distributed denial of service<\/a> (DDoS) attacks.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-examples-of-the-most-worrisome-api-security-vulnerabilities\"><a><\/a>Examples of the Most Worrisome API Security Vulnerabilities<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">When it comes to security vulnerabilities, OWASP is a highly regarded authority for software and web application security environments, including APIs. Its \u201ctop 10\u201d lists consider vulnerabilities, attack scenarios, and prevention methods. OWASP recently shared its<a href=\"https:\/\/github.com\/OWASP\/API-Security\/tree\/master\/2023\/en\/src\"> <\/a><a href=\"https:\/\/owasp.org\/API-Security\/editions\/2023\/en\/0x11-t10\/\">Top 10 API Security Risks \u2014 2023<\/a>, the order of which was as follows:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\" start=\"1\">\n<li><strong>\u201cBroken object level authorization\u201d<\/strong> \u2014 This is where hackers exploit this by manipulating object IDs to access sensitive data.<\/li>\n\n\n\n<li><strong>\u201cBroken authentication\u201d<\/strong> \u2014 This entails a lack of protection mechanisms and identity validation mis-implementation that set the scene for hackers to take control of accounts.<\/li>\n\n\n\n<li><strong>\u201cBroken object property level authorization\u201d<\/strong> \u2014 This occurs when hackers can read and change object values that they shouldn\u2019t be able to access, enabling unauthorized data disclosure.<\/li>\n\n\n\n<li><strong>\u201cUnrestricted resource consumption\u201d<\/strong> \u2014 This is where APIs lacking consumption limits are vulnerable to DDoS attacks by overwhelming your available resources.<\/li>\n\n\n\n<li><strong>\u201cBroken function level authorization\u201d<\/strong> \u2014 This is where hackers attempt to access administrative functions by sending API calls to endpoints or other resources that they shouldn\u2019t be able to access.<\/li>\n\n\n\n<li><strong>\u201cUnrestricted access to sensitive business flows\u201d<\/strong> \u2014 This occurs when an attacker takes advantage of a legitimate, sensitive business flow function (e.g., making a purchase) via automation to cause harm. &nbsp;<\/li>\n\n\n\n<li><strong>\u201cServer-side request forgery\u201d<\/strong> \u2014 This occurs when hackers access a Uniform Resource Identifier (URI) and use it to bypass an endpoint\u2019s API security mechanisms.<\/li>\n\n\n\n<li><strong>\u201cSecurity misconfiguration\u201d<\/strong> \u2014 This is where hackers use automated tools to detect unpatched flaws, unprotected directories or files, and other vulnerabilities that enable access to sensitive data and\/or system details.<\/li>\n\n\n\n<li><strong>\u201cImproper inventory management\u201d<\/strong> \u2014 This when attackers capitalize on orphan and shadow APIs (i.e., forgotten or unknown assets), providing hackers with unmitigated access.<\/li>\n\n\n\n<li><strong>\u201cUnsafe consumption of APIs\u201d<\/strong> \u2014 This is where third-party APIs create the potential for hackers to exploit security flaws, meaning developers need to be careful about trusting such interactions.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Given the breadth of these vulnerabilities, it is perhaps unsurprising that <a href=\"https:\/\/www.softwareag.com\/en_corporate\/resources\/api\/ar\/apis-integration-microservices-report.html\">80% of organizations<\/a> report that ensuring API security is a challenge \u2013 with 36% reporting API security as a significant issue.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-do-you-achieve-api-security-10-examples-of-api-security-measures\"><a><\/a>How Do You Achieve API Security? 10 Examples of API Security Measures<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">When it comes to defending themselves against the above vulnerabilities, businesses exposing their APIs are not without a decent armory of resources. Let\u2019s take a look at some handy tools and techniques you can include in your arsenal.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>1. Use Well-Established Standards for Access Control &amp; Access Management<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Using well-established standards for authorization and authentication flows is an important way to try to avoid security issues while ensuring it is still easy for authorized users to consume your API. Some important aspects of identity and access management practices include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Creating strong, PKI-based <a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-digital-identity-why-does-it-matter\/\">digital identities<\/a><\/li>\n\n\n\n<li>Implementing and enforcing strong <a href=\"https:\/\/www.thesslstore.com\/blog\/the-role-of-access-control-in-information-security\/\">access controls<\/a><\/li>\n\n\n\n<li>Adhering to industry standards and best practices<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Implementing OAuth and OpenID Connect may help meet your needs in this respect.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>2. Always Use TLS Encryption (HTTPS)<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">TLS encryption secures your data in transit using encryption (this enables a secure <a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-https-what-https-stands-for\/\">HTTPS<\/a> connection, otherwise known as <a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc2818\">HTTP over TLS<\/a>). Using TLS means that the messages flowing through your API to your server will be securely encrypted and, thus, secure from the prying eyes of malicious actors.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">(This way, if they do intercept your data, all they\u2019ll see is a bunch of gibberish. They won\u2019t be able to decrypt the data without having access to the secret key.)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You can enable HTTPS encryption by installing an <a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-a-website-security-certificate-and-what-does-it-do-for-your-business\/\">SSL\/TLS certificate<\/a> that\u2019s issued by a publicly trusted <a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-a-certificate-authority-ca-and-what-do-they-do\/\">certificate authority<\/a> (CA) onto your web server. These certificates come in three validation levels (<a href=\"https:\/\/www.thesslstore.com\/products\/cheap-ssl-certificates.aspx\">domain validation<\/a>, <a href=\"https:\/\/www.thesslstore.com\/products\/high-assurance-certificates.aspx\">organization validation<\/a>, and <a href=\"https:\/\/www.thesslstore.com\/extended-validation-ssl-certificates.aspx\">extended validation<\/a>) and provide assurance that the website\u2019s <a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-digital-identity-why-does-it-matter\/\">digital identity<\/a> is authentic.<\/p>\n\n\n\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-central-palette-2-background-color has-text-color has-background wp-element-button\" href=\"https:\/\/www.thesslstore.com\/products\/ssl.aspx\" style=\"border-radius:3px;color:#ffffff\">Buy an SSL\/TLS Certificate<\/a><\/div>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"867\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/07\/ssl-tls-certificate-example2.jpg\" alt=\"A screenshot of the SSL\/TLS certificate information for TheSSLstore.com\" class=\"wp-image-17163\"\/><figcaption class=\"wp-element-caption\"><em>Image caption: A screenshot of information for the SSL\/TLS certificate that\u2019s installed on TheSSLstore.com.<\/em><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>3. Enable Mutual Authentication<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Using mutual authentication is another important way to address API security. You can use public key infrastructure (PKI)-based <a href=\"https:\/\/www.thesslstore.com\/blog\/client-authentication-certificate-101-how-to-simplify-access-using-pki-authentication\/\">client authentication certificates<\/a> and mutual TLS authentication using policy expressions to ensure that both the server and client certificates\u2019 properties match pre-defined values.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>4. Validate and Sanitize Inputs<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For interaction with third-party APIs, the emphasis should be on input validation and sanitization:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Validation checks to see that the input meets your pre-defined criteria.<\/li>\n\n\n\n<li>Sanitization modifies any non-compliant input to enable it to be validated.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">When implemented correctly, validation and sanitization can help avoid <a href=\"https:\/\/www.thesslstore.com\/blog\/sql-injection-attack-what-it-is-how-to-protect-your-business\/\">SQL injection attacks<\/a> (these are where a cybercriminal injects malicious SQL commands into API requests that can steal, manipulate, or delete data).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Check out <a href=\"https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/Input_Validation_Cheat_Sheet.html\">OWASP\u2019s Input Validation Cheat Sheet<\/a> to learn more about how to perform input validation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>5. Implement Rate Limiting<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Rate limiting, along with quotas and throttling, can help to reduce your organization\u2019s vulnerability to <a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-a-ddos-attack\/\">DDoS attacks<\/a>. Rate limiting controls the amount of traffic that can access your API at any given time, meaning that bad actors can\u2019t overwhelm it and knock your service offline. Think of it as something akin to a funnel channeling water; a lot of traffic comes in on one end but gets funneled down to a smaller amount on the other. This prevents too many calls from coming in simultaneously and overwhelming your system.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You can set API rate limits in several ways based on the number of requests you want to receive in a set period, and whether they\u2019re authenticated or unauthenticated calls. For example, you can set it to limit client calls to your API to one per second, or maybe 100 per minute.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"990\" height=\"753\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/07\/api-limiting-illustration.png\" alt=\"API security graphic: A basic illustration of how API rate limiting works, enabling access to services to a certain points and then cutting off access once set limits are reached. \" class=\"wp-image-17164\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/07\/api-limiting-illustration.png 990w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/07\/api-limiting-illustration-300x228.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/07\/api-limiting-illustration-768x584.png 768w\" sizes=\"auto, (max-width: 990px) 100vw, 990px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: A basic illustration that demonstrates how API rate limiting works and prevents API requests from exceeding set limits.<\/em><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Any decent API management solution should offer rate limiting so that you can easily defend against such attacks.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>6. Focus on Regulatory Security Requirements<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">API security requires a multi-layered approach that accounts for varying requirements, including differing regulatory obligations. A business focused on <a href=\"https:\/\/www.finra.org\/rules-guidance\/key-topics\/aml\">anti-money laundering (AML) compliance<\/a>, for example, will have a different focus than a company aiming to meet its security obligations under the <a href=\"https:\/\/www.thesslstore.com\/blog\/hipaa-compliance-technical-safeguards\/\">Health Insurance Portability and Accountability Act (HIPAA)<\/a> or <a href=\"https:\/\/www.thesslstore.com\/blog\/demystifying-pci-dss-compliance\/\">Payment Card Industry Data Security Standards (PCI DSS)<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Yet, whether it\u2019s the implementation of an<a href=\"https:\/\/seon.io\/resources\/aml-compliance-program\/\"> <\/a><a href=\"https:\/\/seon.io\/resources\/aml-compliance-program\/\">AML compliance program<\/a>, the protection of patient data, or anything else related, there are certain API security best practices that apply.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Key to this is ensuring that API security is addressed as part of an overarching cybersecurity strategy that adheres to industry standard best practices (relating to <a href=\"https:\/\/www.thesslstore.com\/blog\/pki-management-private-key-certificate-lifecycle-management-best-practices\/\">PKI certificate management<\/a>, <a href=\"https:\/\/www.thesslstore.com\/blog\/12-enterprise-encryption-key-management-best-practices\/\">key management<\/a>, and so on). For example, always ensure that you\u2019re storing your API keys (and other cryptographic keys) securely outside of your application (i.e., don\u2019t embed it in its code or source tree).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Many organizations opt to use a key vault, physical <a href=\"https:\/\/www.thesslstore.com\/blog\/what-is-a-hardware-security-module-hsms-explained\/\">hardware storage module<\/a> (HSM), or a <a href=\"https:\/\/www.digicert.com\/software-trust-manager\">trust management solution<\/a>.&nbsp;<\/p>\n\n\n<span style=\"--tl-form-height-m:861.156px;--tl-form-height-t:899.625px;--tl-form-height-d:899.625px;\" class=\"tl-placeholder-f-type-shortcode_12653 tl-preload-form\"><span><\/span><\/span>\n\n\n<p class=\"wp-block-paragraph\"><strong>7. Take a SecDevOps Approach<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Another way that you can boost the security of your APIs is to \u201cshift left\u201d that security \u2014 i.e., move it to an earlier stage of the development timeline within the development lifecycle. Instead of designing and building an API and then implementing security testing using the traditional DevOps or DevSecOps approach, shifting security left as part of a \u201c<a href=\"https:\/\/sectigostore.com\/blog\/devsecops-a-definition-explanation-exploration-of-devops-security\/\">SecDevOps<\/a>\u201d philosophy supports the implementation of security testing as a fundamental part of the build process.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This way, API security is an integral part of the process throughout and isn\u2019t regarded as an afterthought.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>8. Use a Secure API Gateway<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Taking advantage of evolving API management tools can also help improve your API security. For example, using API gateways means that organizations can implement robust security at the gateway level, rather than leaving it to individual teams to determine and implement security mechanisms. Think of it as the gatekeeper that restricts or permits access to your applications and data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Implementing full lifecycle API management via a product such as Tyk API Gateway, for example, supports standardization across a company\u2019s APIs.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>9. Get into the \u201cZero Trust\u201d Mindset<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A <a href=\"https:\/\/www.thesslstore.com\/blog\/the-rise-of-zero-trust-threats-are-no-longer-perimeter-only-concerns\/\">zero trust security<\/a> mindset and model is another way to enhance your API security. It\u2019s all about verifying everything automatically and trusting nothing within your network and other systems. This requires continuous authentication throughout a connection. &nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Adoption of zero trust security is growing rapidly, with the <a href=\"https:\/\/www.mordorintelligence.com\/industry-reports\/zero-trust-security-market\">zero trust security market<\/a> expected to achieve a compound annual growth rate (CAGR) of 17% between 2023 and 2028. Zero trust is a boon for security because no users or devices are trusted by default; rather, they have to be verified every time, even if they were previously trusted.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"932\" height=\"449\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/overview-zero-trust.png\" alt=\"A basic illustration that provides an overview of the zero trust concept, which can be beneficial to API security\" class=\"wp-image-16086\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/overview-zero-trust.png 932w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/overview-zero-trust-300x145.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/01\/overview-zero-trust-768x370.png 768w\" sizes=\"auto, (max-width: 932px) 100vw, 932px\" \/><figcaption class=\"wp-element-caption\"><em>Image caption: An overview of how zero trust security works.<\/em><\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>10. Take a Robust Approach to Testing<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Finally, it\u2019s essential that organizations re-check their API security after patches and bug fixes are implemented. (Applying patches can fix some issues but also create others.) You can use automated testing to do so on your site, but manual oversight is a must as well. Implementing regular <a href=\"https:\/\/www.thesslstore.com\/blog\/a-pentesters-guide-to-strengthening-your-cloud-security-defenses\/\">penetration testing<\/a> is also important.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Don\u2019t have the internal resources to handle such tasks? You could hire a third-party firm to perform this important function to discover any security vulnerabilities that your API may have. This way, you can discover what vulnerabilities you have rather than leaving them exposed and at risk of exploitation by a hacker. <a><\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-final-thoughts-prepare-for-the-future-with-api-security\">Final Thoughts: Prepare for the Future With API Security<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Cybersecurity is top of mind for many businesses. 2022 was a<a href=\"https:\/\/www.thesslstore.com\/blog\/cyber-security-statistics\/\"> <\/a><a href=\"https:\/\/www.thesslstore.com\/blog\/cyber-security-statistics\/\">difficult year for businesses<\/a> and consumers alike when it came to security, emphasizing the importance of preparing for a future of better API security.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Thankfully, as API security threats grow, so, too, does our understanding of how to combat them. Between zero trust methodologies, shifting security left in the API design process, and baking security into API management processes and architectures, organizations can have the knowledge and tools they need to prepare for a more secure future for application programming interfaces.<\/p>\n\n\n<span style=\"--tl-form-height-m:1007.672px;--tl-form-height-t:607.938px;--tl-form-height-d:607.938px;\" class=\"tl-placeholder-f-type-shortcode_12780 tl-preload-form\"><span><\/span><\/span>","protected":false},"excerpt":{"rendered":"<p>Salt\u2019s research shows that 17% of organizations have experienced a breach resulting from an API security gap. Don\u2019t become one of them. Data from Salt underscores why API security (i.e.,&#8230;<\/p>\n","protected":false},"author":43,"featured_media":17162,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[16,10200],"tags":[13245],"class_list":["post-17161","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hashing-out-cyber-security","category-monthly-digest","tag-api-security","post-with-tags"],"views":6852,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2023\/07\/api-security-feature-image.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/17161","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/43"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=17161"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/17161\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/17162"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=17161"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=17161"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=17161"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}