According to Gartner, APIs will be the most common attack vector by 2021. Unfortunately, we’re already seeing the leading edge of that, given the sheer volume of business-critical capabilities provided by under-protected APIs. Without a deliberate, focused effort on protecting your systems now, that timeline may be optimistic.
API keys are only a starting point. An API Gateway and OAuth provide a better, more powerful solution, but a centralized point of control with closely monitored policies and context-aware access management is the best solution of all. Today’s trusted partner may be tomorrow’s compromised system, letting attackers mimic legitimate users. We need the flexibility to adjust, respond, and protect our systems based on the full context of the user and their goals.
This whitepaper describes the modern API security landscape and how to effectively leverage OAuth 2.0 and API Gateways for authentication and authorization, from both the infrastructure and the software development perspectives.