Chapter 15

Protecting APIs

Organizations must apply an integrated approach to API security or else leave the door open to further threats.

— D. Keith Casey

API design doesn’t stop at HTTP methods, paths, resources, and media types. Protecting APIs from malicious attackers is an essential part of API design. If left unprotected, an API will become an open door that can do irreparable damage to an organization and its customers. An API protection strategy involves the implementation of the right components, the selection of an API gateway solution, and the integration of identity and access management to tie it all together.

This chapter outlines some foundational principles and provides guidance on common practices along with antipatterns to avoid when ...
