


Weekly Digest API Security August 11, 2016

Securing our increasingly online world is never a straightforward conversation. It is a continuous, daily journey, filled with technical, business, and political challenges at every turn. The conversation about securing our digital assets is one that many companies put off having, often until it is too late. It’s a scary and potentially daunting problem to face head on, so it is understandable that many business and IT leaders can’t even figure out where they should begin. This is the reason why APIWare developed Sapience.

The Application Programming Interface (API) is at the center of online security today, whether we want to acknowledge it or not. Web APIs are increasingly being used to expose public and private resources over the Internet for consumption by web and mobile applications, for system-to-system integration, and to connect everyday physical objects to the Internet. Look down at your mobile phone: all those icons on the homepage are using APIs to transmit your information and location online. This is just your personal world; businesses, institutions, and government agencies are all sharing their vital digital resources in the same way.


What makes the API security conversation so important is that it is not just about securing the APIs themselves. API security is about taking a proactive, organized, honest, and transparent approach to our business operations. It is about being honest with ourselves, partners, and consumers about the fact that we are all using the open Internet to transmit our most valuable personal and business resources. API security is about demonstrating that we have our online infrastructure well defined and documented, that we are actively testing the strength of this network, and that we are open to other external factors helping us define and strengthen our critical digital infrastructure.

API security is not just about scanning specific API endpoints for a range of common vulnerabilities; this is just the technical core. Having an API-first approach provides security because you know all of your digital assets are being accessed through a common set of interfaces, as opposed to a multitude of ad-hoc data connectors, FTP dumps, and black box proprietary interfaces. Having an API-first approach provides an awareness of our business, institutional, and agency digital surface areas: what content, data, and digital assets exist, where they are located, and how they are accessed via a common interface that is secured properly.


Unfortunately, this is not how many organizations are operating online today. Many businesses, institutions, and organizations are only just now realizing the importance of an API-first strategy and of having a coherent strategy for how data, content, and other digital assets are accessed and distributed across web, mobile, and other digital destinations. As companies embark on this very important API journey, APIWare wanted to provide a simple, understandable, easy-to-use service that would help them ensure their API infrastructure is protected against the most common vulnerabilities, which are often used to exploit systems.

The APIWare team has developed Sapience to be the technical core for small businesses, enterprises, institutions, and government agencies, but we also want to help lead a wider API security conversation about why APIs are important, and how we can all work together to discover, strengthen, and stabilize our vital digital assets.
