API Security

Michael Stone, November 30, 2021

A friend and colleague recently asked for an overview of the relevant language of “API security”. Here was my reply:


First off, API security is a very messy topic, so I am quite curious how you & others are parsing + thinking about it.

Briefly though: API security is much broader than just web API security (though that may be your interest), since it also includes OS APIs, language/library APIs, and APIs used over nominally private transports.

That said, IMO, the usual major decomposition is into

There is a fairly long reading list behind the above outline. However, to simplify, I like to say that: