API Security Articles

The Latest API Security News, Vulnerabilities & Best Practices

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.


From the APISecurity.io Twitter

OAuth Tools site from @curityio lets you play with various #OAuth & #OpenIDConnect flows. Connect to any OAuth server and run the flows of your choice: https://t.co/QRzZVPrZmB Also see video: https://t.co/cNjw3qZhi3

Oracle #WebLogic issued a critical API security patch. Just like with a similar earlier issue, the flaw lies in XML workload deserialization. If you are an API vendor, always enforce payload schemas to avoid similar flaws. https://t.co/rFQiec7faJ via @EduardKovacs / @SecurityWeek

Wallpaper crowdsourcing functionality of @oneplus phones had APIs with discoverable key that was leaking customer personal data: name, email, country https://t.co/6zPP69KOwk via @EvoWizz / @9to5google

API Security weekly newsletter issue 36 is out. Main stories by @balaganski / @kuppingercole, @horac341 / @IBMSecurity, @bltjetpack / @zackwhittaker / @TechCrunch, @zpring / @threatpost https://t.co/4NApqv97sa

API Security in Microservices Architectures article by @balaganski / @kuppingercole: looks into the challenges and attack vectors of MS architectures and the technology to mitigate: proactive risk assessment, microfirewalls, @SPIFFEio, service meshes. https://t.co/VO5k1MtUde
