Although making a Web API available and ubiquitous has obvious benefits, like any other service or application, correctly securing resources is of the utmost importance. It’s easy to take security for granted or assume that security through obscurity can keep your resources safe. Some people are overly concerned with security, and their careers suffer as a result. The number of such cases and the magnitude of the damage done, however, pale in comparison with that of people who don’t take it seriously and assume that obscurity can keep their resources safe.

Security needs should be determined by carefully weighing the costs and the benefits, and those needs usually exist in a rather delicate balance. Web APIs expose ...