The Importance of API Security
Application programming interfaces, or APIs, are driving the digital economy and opening up paths for new business opportunities. Companies use APIs to not only provide access to their own services, but to also integrate applications within an organization as well as with third-party services. Think of Google Maps Platform APIs delivering functionality that offers services based on location, or Google Pay APIs being integrated with the eCommerce websites of Google customers
Now API traffic is dominating the internet. Case in point: Google Cloud’s Apigee saw a 46% increase in API traffic when comparing Black Friday 2020 and 2021. This is because APIs are a gateway for services and data and can unlock the value of data that enables business growth.
At the same time, APIs represent a large, dynamically changing attack surface. Just one web or mobile application can rely on hundreds of APIs that provide data to the application that’s executing in the user’s browser or on a mobile device. Therefore, those hundreds of APIs expose data through external interfaces that need to be properly protected. Third-party APIs that are used ubiquitously also contribute to a growing API attack surface. For example, a stolen customer key for accessing a third-party API can be used by an attacker to consume the third-party service, resulting in excessive payment obligation for the customer.