Application Programming Interface (API) Vulnerabilities and Risks
Special Report
This report describes 11 common vulnerabilities and 3 risks related to application programming interfaces, providing suggestions about how to fix or reduce their impact.
Publisher
Software Engineering Institute
CMU/SEI Report Number
CMU/SEI-2024-SR-004
DOI (Digital Object Identifier)
10.1184/R1/25282342
Abstract
Application programming interfaces (APIs) are increasingly common, and they are often designed and implemented in a way that creates security risks. This report describes 11 common vulnerabilities and 3 risks related to APIs, providing suggestions about how to fix or reduce their impact. Recommendations include using a standard API documentation process, using automated testing, and ensuring the security of the identity and access management system.