What Is an API?

API is an acronym that stands for “application programming interface,” and it allows apps to send information between each other. While there are numerous protocols and technologies involved, the underlying purpose of APIs is always the same: to let one piece of software communicate with another.  APIs (sometimes described as web services) work in…

What Is Attribute-Based Access Control (ABAC)?

Attribute-based access control (ABAC) is an authorization model that evaluates attributes (or characteristics), rather than roles, to determine access. The purpose of ABAC is to protect objects such as data, network devices, and IT resources from unauthorized users and actions—those that don’t have “approved” characteristics as defined by an…

API Security Threats in the Real World

When we think of compromised API security, we typically see an image of a hoodie-wearing hacker toiling away in a darkened room, targeting a bank’s server. We can imagine them compiling a custom tool, launching it against the system, and celebrating as your 401k becomes theirs. Alternatively, we may even picture armies of hackers using…

Want to Secure Your APIs? You’ll Need OAuth 2.0 for That

We’re experiencing the rise of the API economy. Whether it’s for a backend system, partner-facing website, or a mobile application designed for customers, companies rely on APIs to share data with more end users than ever before. Unfortunately, APIs are proving to be a major point of vulnerability. This stems primarily from the fact that APIs are…

An Insider’s Take on API Strategy

We recently performed a survey to take the pulse of our community on their own API strategies. Our goal was to change and possibly debunk our own assumptions, and replace them with real-world perspectives from customers and partners working on these things day in and day out. In short, we validated that the fast adoption and sheer volume of APIs…

The Power and Responsibility of your API

While the internet lights up with terrifying costume ideas every October, what we find truly scary are the security breaches that have hit major companies in recent months. Luckily, we have National Cybersecurity Awareness month to provide focus and resources toward a safe and secure internet. To celebrate and observe the month, our diverse team…

API Security in the Wild

“[Company] suffers data breach, millions of customer affected” Everybody has seen this headline multiple times. Most recently, it was T-Mobile, but in the last three years that has also been Instagram, Facebook, Tinder, Air Canada, Panera, the IRS, and the most devastating of all, Equifax. Those are just the ones we know about. Luckily, the T…