API Security

Always remember the CIA triad when securing APIs:

  • C: Confidentiality - only the intended audience can read the information.
  • I: Integrity - data cannot be modified by anyone who is not authorized to change it.
  • A: Availability - the API can be reached and used by legitimate users when they need it.

Common API Threats: STRIDE

  • S: Spoofing - pretending to be another user or service (violates authentication)
  • T: Tampering - altering data in transit or at rest (violates integrity)
  • R: Repudiation - denying having performed an action when there is no evidence to prove otherwise (violates non-repudiation)
  • I: Information disclosure - revealing private information to someone not entitled to it (violates confidentiality)
  • D: Denial of Service - preventing legitimate users from reaching or using the API (violates availability)
  • E: Elevation of Privilege - gaining permissions or capabilities beyond those granted, e.g. an ordinary user performing admin actions (violates authorization)
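To make the six categories concrete, the following is an added example (not code from the original page) of a minimal in-memory API gateway that applies one control per STRIDE threat: HMAC-signed requests with a replay window (spoofing, tampering), a hash-chained audit log (repudiation), response projection that drops internal fields (information disclosure), a per-principal rate limit (denial of service), and a scope check (elevation of privilege). The principals, secrets, scopes, order record and limits are all constructed for the demo and are assumptions, not anything the page specifies.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed sample credentials; a real deployment would load secrets from a vault.
API_KEYS = {
    "alice": {"secret": b"alice-secret-key", "scopes": {"orders:read"}},
    "bob":   {"secret": b"bob-secret-key",   "scopes": {"orders:read", "orders:write"}},
}
# Constructed data store; card_number is an internal field that must never leave the API.
ORDERS = {"42": {"id": "42", "total": 19.99, "card_number": "4111111111111111"}}
REPLAY_WINDOW = 300   # seconds a signed request stays valid (assumed value)
RATE_LIMIT = 5        # requests per principal per RATE_WINDOW (assumed value)
RATE_WINDOW = 60


@dataclass
class Request:
    principal: str
    method: str
    path: str
    body: str
    timestamp: int
    signature: str    # hex HMAC-SHA256 over method, path, timestamp and body


def canonical(method, path, timestamp, body):
    # Everything that must not be tampered with goes under the MAC.
    return f"{method}\n{path}\n{timestamp}\n{body}".encode()


def sign(secret, method, path, timestamp, body):
    return hmac.new(secret, canonical(method, path, timestamp, body), hashlib.sha256).hexdigest()


def make_request(principal, method, path, body, timestamp, secret=None):
    # Client side: secret=None signs with the principal's real key; pass a wrong key to simulate spoofing.
    secret = secret or API_KEYS[principal]["secret"]
    return Request(principal, method, path, body, timestamp, sign(secret, method, path, timestamp, body))


def verify_audit_log(log):
    # Repudiation control: every entry commits to its predecessor, so edits or deletions break the chain.
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "digest"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if entry["prev"] != prev or digest != entry["digest"]:
            return False
        prev = entry["digest"]
    return True


class ApiGateway:
    def __init__(self):
        self.audit_log = []   # hash-chained entries, see verify_audit_log
        self.calls = {}       # principal -> timestamps of recently accepted requests

    def _audit(self, req, status):
        prev = self.audit_log[-1]["digest"] if self.audit_log else "0" * 64
        entry = {"principal": req.principal, "method": req.method, "path": req.path,
                 "timestamp": req.timestamp, "signature": req.signature, "status": status, "prev": prev}
        entry["digest"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.audit_log.append(entry)

    def handle(self, req, now):
        status, body = self._dispatch(req, now)
        self._audit(req, status)   # every request, accepted or rejected, is recorded
        return status, body

    def _dispatch(self, req, now):
        # Spoofing and tampering: unknown principal, bad MAC, or stale timestamp -> generic 401.
        key = API_KEYS.get(req.principal)
        if key is None:
            return 401, {"error": "unauthorized"}
        expected = sign(key["secret"], req.method, req.path, req.timestamp, req.body)
        if not hmac.compare_digest(expected, req.signature):
            return 401, {"error": "unauthorized"}
        if abs(now - req.timestamp) > REPLAY_WINDOW:
            return 401, {"error": "unauthorized"}
        # Denial of service: sliding-window rate limit, applied after authentication so that an
        # attacker cannot exhaust a victim's quota just by claiming their name.
        recent = [t for t in self.calls.get(req.principal, []) if now - t < RATE_WINDOW]
        if len(recent) >= RATE_LIMIT:
            self.calls[req.principal] = recent
            return 429, {"error": "rate limited"}
        self.calls[req.principal] = recent + [now]
        # Elevation of privilege: the caller must hold the scope the operation requires.
        needed = "orders:read" if req.method == "GET" else "orders:write"
        if needed not in key["scopes"]:
            return 403, {"error": "forbidden"}
        order = ORDERS.get(req.path.rsplit("/", 1)[-1])
        if order is None:
            return 404, {"error": "not found"}
        if req.method == "PUT":
            try:
                order["total"] = float(json.loads(req.body)["total"])
            except (ValueError, KeyError, TypeError):
                return 400, {"error": "bad request"}   # generic error, no parser details leaked
        # Information disclosure: project only the public fields of the record.
        return 200, {"id": order["id"], "total": order["total"]}
```

A signed GET from alice returns only the id and total; the same request with its path changed after signing fails the MAC, a PUT from alice is refused for lack of the write scope, a sixth request inside the window is rate limited, and changing any stored audit entry makes verify_audit_log return False.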