Increasing API use also means more focus on API security

Companies will use more APIs this year than ever before, API specialist RapidAPI expects in its recent annual State of API Report. This also increases the need for proper API security, according to other experts from Gartner, Forrester and Mulesoft.

RapidAPI’s survey found that about 70 percent of respondents said they will use more APIs in 2023 than in the past year. Especially in an industry like telecom, API usage is expected to increase 20 percent in 2023. Other industries that expect to use many APIs are the tech sector and services.

Most APIs will be used for internal purposes this year, but the use of APIs to connect with partners and third parties is also increasing significantly. RapidAPI’s report shows that about 75.1 percent of those surveyed say they have APIs for internal use, 48.9 percent for connections with partners and just over half, 53.9 percent, for connecting to third-party solutions and applications.

Increased focus on API security

The substantial growth in API usage by companies is also putting increasing emphasis on proper deployment of API security. This year, as Gartner predicted as early as 2021, API leaks will become the most important security problem for web applications. As API usage grows, companies are finding it increasingly difficult to secure their APIs, because they often try to deal with new problems using old security concepts, Gartner experts indicate.

In addition, APIs reside on an increasing number of different (cloud) platforms and frameworks, making it difficult to manage their security from a central API management solution. Also, more and more gateways are being built for these APIs, increasingly placed in front of the API itself. This in turn makes managing all these gateways more difficult, which can lead to security problems.

Furthermore, the existence of numerous different API types, such as REST, webhooks, WebSockets, SOAP, GraphQL, Kafka, AsyncAPI, gRPC and more, makes management and thus security more difficult. GraphQL APIs in particular can lead to major problems. APIs that use data or perform a function or transaction are also considered especially vulnerable.

Best practices

To solve the problems around API security, there are a number of best practices, according to experts from Forrester and Mulesoft, among others. First, it is important for companies to list all the APIs they use and put them into a catalog. This gives them a complete overview of all their APIs, both their own and those for partners and third parties.

Another best practice for increased API security is collaboration in API development and developing open APIs that anyone can use. Consider, for example, the Open Banking Initiative in Europe, which develops APIs that allow banks to make their data available to third parties. Among other things, this avoids risks such as “screen scraping.”

Last, but not least, companies must continue to invest in security measures, including those for their APIs. This is what vendors such as Noname Security and Salt Security have been focusing on in recent years. These API security platforms have been booming. Both companies already achieved unicorn status by the end of 2021. That means they have a market value of more than $1 billion. So they are working hard to solve the problems surrounding API security.

TIP: We wrote several articles about API security in the past. Both Noname Security and Salt Security passed the review. However, this new branch within cybersecurity is also just at the beginning of its development, we learned from the CTO of Noname Security.