Practical, battle-tested techniques to recognize and prevent attacks on your APIs.

Hackers know how important your APIs are, and they also know how to find the weak spots in your API security. As a result, APIs have become principal vectors of attack against apps and sites. Secure APIs: Design, build, and implement shows you reliable methods you can use to counter cracks, hacks, and attacks on your internal and external APIs.

In this innovative new book, you’ll learn:

• Addressing the OWASP Top 10 API security vulnerabilities
• API security by design
• Zero-trust security
• Automated API testing strategies
• Observability and monitoring for threat detection

Written for developers and architects, Secure APIs: Design, build, and implement shows you how to create and deploy APIs that are resistant to the most common security threats. Author José Peralta illustrates each vulnerability with extended code samples and shows you exactly how to mitigate them in your own APIs. You’ll find insights into emerging AI-powered security threats, along with tips and patterns for using LLMs in your own security testing.

About the technology

APIs are the primary way to share data and services privately inside applications and publicly with customers and partners. Unfortunately, they’re also a prime target for cyberattacks. Here’s the good news! There are proven strategies for finding vulnerabilities, locking out intruders, and building APIs that are secure by design.

About the book

Secure APIs teaches you to design, implement, and deploy secure APIs, providing clear examples of how attackers exploit weak authentication, insufficient constraints, and flawed architecture. In this practical book, you’ll dissect the OWASP Top 10 API security risks and explore techniques to harden your APIs, establish real-time monitoring, and prepare for fast incident response. Case studies from e-commerce, ridesharing, and other high-visibility targets show you how to deploy APIs that stay secure in production.

What's inside

• API security by design
• Zero-trust security
• Automated API testing strategies
• Observability and monitoring for threat detection

About the reader

For software developers and architects, cybersecurity professionals, and QA engineers. Examples are in Python.

About the author

José Haro Peralta is head of cybersecurity strategy at APISec, and author of Microservice APIs. He’s also the founder of microapis.io and apithreats.com.

Table of Contents

1 What is API security?
2 Aligning API security with your organization
3 API security principles
4 Top API authentication and authorization vulnerabilities
5 Top API configuration and management vulnerabilities
6 API security by design
7 API authorization and authentication
8 Implementing API authentication and authorization
9 Secure API infrastructure
10 Financial-grade APIs
11 Observability for API security
12 Testing API security
A API security checklist
B Setting up Auth0 for authentication and authorization
C API security RFCs and learning resource