Of course, this means the use of common security controls germane to APIs: rate limiting and the authentication and authorization of users, services, and requests. It also means understanding data provenance and where exactly to seek context during design or review discussions. For leaders it means that application security programs capture activities to software exposing or using APIs at the right time. More than just buying some new tools, robust API security stems from a culture of security with activities across an SSI (software security initiative)
https://t.co/fL5iXz5Sww