Articles about API

APIs allow the easy exchange of information between apps, microservices and containers. They've become an essential part of the way our digital infrastructure operates.

But the very ubiquity of APIs means developers are under pressure to produce them quickly and that can lead to 'technical debt' because corners are cut. We spoke to Tom Hudson, security research tech lead at app vulnerability scanner Detectify to find out more about why APIs are vulnerable in this way and how they can be secured.

Continue reading →

APIs make life easier for developers by allowing easy access to various program functions. However, this functionality also makes them an increasingly attractive target for attack.

Web application and API Protection platform ThreatX is launching new API catalog capabilities to provide enterprises with a clear view of their API's attack surface, as well as the operational health of any APIs in production.

Continue reading →

In the past six months overall API traffic has increased 141 percent but in the same time period, API attack traffic has grown by a startling 348 percent.

A new report from Salt Security reveals significant challenges in addressing API security, with all Salt customers experiencing API attacks, security topping the list of API program concerns, and very few respondents feeling confident they can identify and stop API attacks.

Continue reading →

Traditional banks are realizing that they must develop more user-friendly open banking apps if they're not to lose customers to fintech startups.

But it's critical that these apps gain the trust of consumers if open banking is to succeed. We spoke to Jasen Meece, CEO of Cloudentity to discuss how financial services companies can ensure their open banking apps and partners adhere to compliance standards and protect consumer’s personal data.

Continue reading →

Microsoft has released a public preview of new APIs for Microsoft Graph that give system administrators, developers and professionals fine-grain control over updates for Windows 10.

The new APIs are powered by the Windows Update for Business deployment service and allow for greater management of update deployment in various environments. Control over the installation of Windows 10 updates is something that administrators and regular users alike have long craved, but it is something that has been made all the more important this year following the release of a seemingly endless string of problematic updates.

Continue reading →

Today’s business leaders are faced with competing challenges and uncharted waters as they continue to navigate the impacts of COVID-19. During the past year, we’ve seen a rise in e-commerce and increased reliance on the cloud to facilitate communications and collaboration and support contactless services.

As business and IT decision makers look to capitalize on new or existing cloud investments and accelerate digital transformation efforts, implementing nimble IT resources is an essential component of the process and will set businesses up for long-term success. Getting the most out of their investment means taking advantage of every opportunity to improve operations and customer experiences through seamless integrations. One such technology that can help in this regard is APIs.

Continue reading →

While organizations have publicly talked of the benefits of digital transformation for some time, the COVID-19 pandemic forced many to pull the trigger on those plans. The crisis accelerated the adoption of digital technologies as organizations across almost every industry underwent huge changes to their operating models. 

Indeed, a McKinsey executive survey notes that companies have accelerated the digitization of their customer and supply-chain interactions and of their internal operations by three to four years. Moreover, the share of digital or digitally enabled products in their portfolios has accelerated by seven years.

Continue reading →

A new report shows that 66 percent of organizations admit slowing the rollout of a new application into production because of API security concerns.

The State of API Security report from Salt Security also reveals that 54 percent of organizations running production APIs have at best only a basic strategy for API security, with 27 percent having no strategy at all.

Continue reading →

As organizations continue to digitally transform business processes, they are increasingly transitioning from legacy applications to modern, cloud-native apps. These intricate modern apps feature far more APIs than their predecessors: In the past, an average app would usually include 1-2 APIs, but now they typically feature dozens. To make things more difficult, many of these new APIs are deeply embedded and hidden. Securing these APIs (and the larger app environments where they live) is proving extremely difficult.

Several other trends are also exacerbating the problem. For one, these new cloud-native apps are mostly built on microservices architectures. With microservices, apps are chopped up into smaller, disparate components. These components or services are then distributed across various clusters and locations, including potentially multiple public clouds and the edge. In addition, most organizations today employ a continuous software development cycle (including CI/CD) in which engineers are constantly churning out new versions of apps. Each new release comes with new APIs. For example, when a developer fixes a bug in an app, they deploy a new API.

Continue reading →

Without a doubt, the pandemic has accelerated digital transformation initiatives, and, in our new remote working environment, enterprises are focusing on how they can continue to provide seamless digital experiences to consumers. To achieve this, APIs are widely recognized as the oil that fuels our digital world, and different types of APIs power the digital mesh to which we are now all connected. 

Once considered niche, API technology has now become mainstream and is viewed as an integral part of the day-to-day digital landscape. In fact, according to The Forrester Wave: API Management Solutions, Q3 2020 report, "By opening access to digital business capabilities, APIs drive agility to optimise customer experiences, create dynamic digital ecosystems, achieve operational excellence, and build platform business models." 

Continue reading →

Launched in June of this year, the MACH Alliance (MACH standing for Microservices based, API-first, Cloud-native SaaS and Headless) is a non-profit group of tech leaders advocating for a new, open and best-of-breed enterprise technology ecosystem.

The Alliance aims to help enterprise organizations navigate the complex modern technology landscape with the belief that competitive advantage doesn't come from owning the stack, but rather from being free to select the best available resources for the moment.

Continue reading →

APIs have become an important mechanism in the modern web, allowing organizations to create powerful web and mobile experiences, using back end data and logic to create new and innovative offerings.

But in order to use them safely they need to be secured and that means understanding what APIs there are in your environment, what their function is and what their traffic profile looks like.

Continue reading →

Around half of respondents to a new survey say that investment of time and resources into APIs will increase over the next 12 months, while another third think investments into APIs will stay the same, despite a tough economic environment.

The study from development collaboration platform Postman shows over 60 percent of survey respondents rate themselves as five out of 10 or better in terms of embracing an 'API-first' philosophy.

Continue reading →

In the year to November 2019, 75 percent of all credential abuse attacks against the financial services industry targeted APIs directly, according to a new report.

The research from Akamai observed 85,422,079,109 credential abuse attacks. Nearly 20 percent, or 16,557,875,875, of these were against host names that were clearly identified as API endpoints. Of these, 473,518,955 attacked organizations in the financial services industry.

Continue reading →

Ever more of our financial transactions are being carried out online, but if you have accounts with more than one provider, keeping track of information can be a challenge both for businesses and individuals.

Formed in October 2018, the Financial Data Exchange (FDX) is committed to uniting the financial industry around a single, interoperable and royalty-free standard for consumers and businesses to access their financial data.

Continue reading →