Mitigation Approach

API risks need to be mitigated in a number of ways. There is no single off-the-shelf security solution which can be dropped in to address all aspects of API security. APIs need to be secure by design; security needs to be built in from scratch, and be considered within the context of existing protection mechanisms.

  1. Identity and Access Management (IdAM) to provide the following services:
    • Authentication
    • Authorisation and delegated authority
    • Federation
  2. Confidentiality
  3. Integrity
  4. Availability and Threat Protection

This ensures that:

  • The consuming application is known, and can only access the API resources it is allowed to
  • Message content has not been tampered with between consumer and provider
  • Resources are reliably delivered by the provider the consuming application intended to call when it made the request
  • The API will be available when needed, and not brought down by attacks from malicious consuming applications
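As an added illustration (not code from this document or from any product it describes) the following Python module shows what the mitigation areas above look like when applied to a single inbound request at an API gateway: authentication of the consuming application, authorisation against a granted scope, an integrity tag on the message body, and a per-consumer rate limit for availability. Confidentiality is assumed to be provided by TLS on the transport and is not shown. The token format, keys, scope names and limits are all assumptions made for the example; a real deployment would validate OAuth 2.0 / JWT tokens issued by an identity provider and load keys from a key store.

```python
"""Added example: minimal gateway-side request checks for the four
mitigation areas (IdAM, integrity, availability; confidentiality via TLS
is assumed). Illustrative code written for this page; keys, token format,
scopes and limits are constructed assumptions, not a real standard."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed secrets for the example only.
TOKEN_KEY = b"example-token-signing-key"   # assumed shared with the identity provider
BODY_KEY = b"example-body-hmac-key"        # assumed shared with the consuming application


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict) -> str:
    """Mint a signed token; assumed to be done by the identity provider, not the API."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(TOKEN_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def authenticate(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Authentication: the caller presents a token this provider trusts.
    Returns the claims on success, None on any failure (no detail leaked)."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        expected = hmac.new(TOKEN_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):   # constant-time compare
            return None
        claims = json.loads(_unb64(body))   # parsed only after the signature is verified
    except ValueError:                      # malformed structure, base64 or JSON
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims


def authorise(claims: dict, required_scope: str) -> bool:
    """Authorisation: a known caller may only reach resources it was granted."""
    return required_scope in claims.get("scope", "").split()


def sign_body(body: bytes) -> str:
    """Consumer side: integrity tag sent alongside the message body."""
    return hmac.new(BODY_KEY, body, hashlib.sha256).hexdigest()


def verify_integrity(body: bytes, signature_hex: str) -> bool:
    """Integrity: detect tampering with the message between consumer and provider."""
    return hmac.compare_digest(sign_body(body), signature_hex)


class RateLimiter:
    """Availability: per-consumer token bucket so one abusive consuming
    application cannot exhaust the API for everyone else."""

    def __init__(self, capacity: int, refill_per_sec: float):
        self.capacity, self.refill = capacity, refill_per_sec
        self.buckets = {}   # client_id -> (tokens, last_seen)

    def allow(self, client_id: str, now: float) -> bool:
        tokens, last = self.buckets.get(client_id, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.refill)
        if tokens < 1:
            self.buckets[client_id] = (tokens, now)
            return False
        self.buckets[client_id] = (tokens - 1, now)
        return True


LIMITER = RateLimiter(capacity=3, refill_per_sec=1.0)   # assumed limit for the example


def handle_request(token: str, body: bytes, body_sig: str,
                   required_scope: str, now: float) -> Tuple[int, str]:
    """Apply the checks in order; the first failure decides the response."""
    claims = authenticate(token, now)
    if claims is None:
        return 401, "unauthenticated"
    if not LIMITER.allow(claims["sub"], now):
        return 429, "rate limited"
    if not authorise(claims, required_scope):
        return 403, "scope not granted"
    if not verify_integrity(body, body_sig):
        return 400, "body integrity check failed"
    return 200, "ok"


if __name__ == "__main__":
    tok = issue_token({"sub": "app-1", "scope": "orders:read", "exp": 2000.0})
    body = b'{"order": 42}'
    print(handle_request(tok, body, sign_body(body), "orders:read", now=1000.0))
```

The order of the checks matters: authentication comes first so that unauthenticated callers never reach business logic, the rate limit is keyed on the authenticated consumer identity rather than on a spoofable header, and the body is parsed only after its integrity tag has been verified. Each branch returns a distinct status without revealing which secret or check failed.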