This article is featured in the new DZone Guide to API Management: Comparative Views of Real World Design. Get your free copy for more insightful articles, industry statistics, and more!
[…]
Ignoring proper authentication — even if transport layer encryption (TLS) is used — leaves the API open to abuse: TLS protects the data in transit, but it says nothing about who is calling. With a valid mobile number in an API request, for instance, any person could retrieve that subscriber's personal email address and device identification data. Industry-standard strong authentication and authorization mechanisms like OAuth/OpenID Connect, in conjunction with TLS, are critical.
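The lookup described above, as an added example that is not part of the original article: the first handler trusts the mobile number alone, the second requires a bearer token and then checks that the authenticated subject may read the requested record. The HMAC-signed token and the `SUBSCRIBERS` store are constructed stand-ins for a real OAuth/OpenID Connect access token and a real backend.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample backing store: mobile number -> personal data.
SUBSCRIBERS = {
    "+15550000001": {"email": "alice@example.com", "device_id": "DEV-CONSTRUCTED-0001"},
    "+15550000002": {"email": "bob@example.com", "device_id": "DEV-CONSTRUCTED-0002"},
}

# Hypothetical key shared with the token issuer. In production the access token
# comes from the OAuth authorization server and is validated against its keys.
SIGNING_KEY = b"constructed-demo-key"


def lookup_unauthenticated(params):
    # Vulnerable pattern from the article: the only "credential" is the mobile
    # number, so anyone who knows a valid number (over TLS or not) gets the record.
    return SUBSCRIBERS.get(params.get("msisdn"))


def issue_token(subject_msisdn, scope):
    # Mint an HMAC-signed bearer token (stand-in for the authorization server).
    claims = json.dumps({"sub": subject_msisdn, "scope": scope}).encode()
    body = base64.urlsafe_b64encode(claims).decode()
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_token(token):
    # Return the claims if the signature is valid, otherwise None.
    body, _, sig = token.partition(".")
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not sig or not hmac.compare_digest(expected, sig):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


def lookup_authenticated(headers, params):
    # Hardened handler: authenticate the caller, then authorize the request.
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, None                      # no credential at all
    claims = verify_token(auth[len("Bearer "):])
    if claims is None:
        return 401, None                      # forged or tampered token
    msisdn = params.get("msisdn")
    # Authorization: token must carry the read scope and belong to this number.
    if "profile:read" not in claims.get("scope", "") or claims.get("sub") != msisdn:
        return 403, None
    return 200, SUBSCRIBERS.get(msisdn)
```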
[…]
When talking about API security, we must understand that security is the number-one concern of companies, organizations, institutions, and government agencies considering investing more resources into their API infrastructure, as well as of companies that are ramping up their existing efforts. At the same time, it is also the most deficient area when it comes to investment in API infrastructure by existing API providers. Many companies are building APIs as products on their own, deploying web, mobile, IoT, and other applications, but rarely stopping to properly secure things at each step along the way. API gateways are one of the most popular and efficient solutions for the many security problems you'll face.
[…]