An application programming interface, or API, is a defined process that allows data to be shared between applications or programs. Each API consists of a set of rules that dictates how communication occurs between a client and a server or external program. The required request format, the authentication process, and the encryption of data all have set guidelines so that the API knows what information to share and when and how to share it.

Examples of APIs include universal log-in interfaces, when a website allows users to log in using their credentials from a site like Google or Facebook rather than creating a new set of log-in credentials for every single website, and third-party payment processes, when a payment is processed using a third-party application such as PayPal. They allow data to be gathered from an external server or program in order to make the process of logging into an account or submitting a payment online easier.

APIs are useful not only in aiding consumers to simplify their online experience, but in enabling easy communication, integration, and collaboration between companies and organizations. They are versatile and constantly changing, allowing for developers to innovate how they are used, and they bring data from many sources into one place for ease of access. This is why the average number of APIs per company has grown 221% in the past year. Unfortunately, the features that make APIs practical and necessary are also the factors that make them a great target for cyberattacks. The same article that detailed the Salt Labs research report with recent API security trends, describes APIs as “the on-ramps to the digital world”.

API Security: Biggest Threats

Because API traffic is increasing so rapidly, cybercriminals are taking advantage of the wide attack surface; while API traffic grew 321% in 12 (Read more...)