NB: This Note is an introductory piece to my personal series of notes on API Security, it only gives a surface-level introduction to the concept. For my in-depth writings on this, based on my personal experience, kindly read my other notes dedicated to individual topics on this subject.
Understanding The Concepts
An API (Application Programming Interface) is an interface that specifies how various pieces of software can communicate with one another. It regulates the different requests that are made between programmes, how they are made, and the different data formats that are employed, thus API Security refers to the practices and measures aimed at protecting both the data and functionality exposed by these interfaces, preventing unauthorized access, data breaches, and potential exploitation of vulnerabilities.
Implementing robust API security practices is essential for maintaining the integrity and trustworthiness of applications and services that rely on API interactions.
Some of the most common measures include:
- Authentication/Authorization
- Data Protection
- Input Validation
- Secure Third-Party API Integration
- Throttling/Rate Limiting
My Experience
I have known quite a good number of API Security techniques through my years as a backend developer, Authentication/Authorization, Input Validation, and Error Handling are some of the most basic techniques anyone will get to learn while starting out with backend development, but there are more to securing an API than just requiring auth tokens for endpoint access and this is why i'll be making series of notes on this public, they'll be based on my personal encounter and lessons i've learnt the hard way.
