Getting started
Start to learn the main concepts of Mia-Platform and how to use to develop your services
Start to learn the main concepts of Mia-Platform and how to use to develop your services
Discover more
Discover all the benefits of becoming a Mia-Platform's partner entering the program.
Discover more
We are living in the API economy. Today, application programming interfaces are no longer a mere technical tool for software integration; they have become a global use mechanism to simplify the connection among systems, applications, data, and build new digital products and services. A few figures: in June 2019, ProgrammableWeb announced that its directory has hit more than 22 thousand APIs.
By simplifying the interaction with third parties, APIs facilitate the creation of new business models, allow to create excellent user experiences, and expand commercial channels and company turnover. For example, by taking advantage of the API model, a company like Uber has rapidly grown, and in 2019 its value was estimated between 80 and 90 billion dollars.
Since APIs manage a growing business and corporate information and user data pass through them, safety issues have become important. Not adopting an API Security strategy means risking strategic or sensitive data breaches and losses.
API Security refers to the set of methods, products, protection technologies that help defend APIs from violation attempts or prevent access to information, in case of attacks on the system.
Beyond the methodologies, defense and protection tools that will be used, it is essential to understand that API security is not an aspect that can be dealt with at a later time: it must be addressed immediately, from the beginning of the project development, and must be an essential and priority part of it.
For example, a good starting point for building an API Security strategy can be a design based on guidelines such as the Top 10 Open Web Application Security Project (OWASP) document or performing a security test. OWASP is a non-profit project that collects guidelines, tools, and methodologies that help to understand at what level of protection the organization’s IT infrastructure is located, how to improve security, and how to avoid the most critical security risks during the development of software and web applications.
In the software design phase, the policies applicable to strengthen the API Security may concern system infrastructures or affect the design of components and their relationships – that’s to say architectural strategies.
Considering the key principle that API security must be addressed from the beginning of the project, the illustrated best practices are the most common to strengthen your own API Security strategy. Since you need to choose a starting point, the first step is probably to begin separating the commercial interaction channels from the core systems, which need to be protected by an API management solution capable of providing a solid, light, and reliable API Gateway.