Preface
APIs are now the main attack vector on the internet and the principal source of breaches. Technical and business leaders rightly consider API security to be a top concern. The sheer number of standards and protocols we need to know to implement API security is daunting, but that doesn’t mean we should shy away from APIs. In today’s ecosystem, that’s probably impossible. Our mission as developers, architects, and cybersecurity professionals is to learn the right standards and protocols to protect our APIs, and this book will help you on that journey.
APIs have become the industry standard for exposing data and functionality over the internet. We use APIs to power web and mobile applications; connect Internet of Things (IoT) devices; drive integrations between microservices; deliver products and services; and, more recently, expose the capabilities of generative AI models. APIs account for 83% of all internet traffic; unfortunately, they are often improperly secured, making them ideal targets for hackers and cybercriminals.