API Security Articles

The Latest API Security News, Vulnerabilities & Best Practices

APISecurity.io is a community website for all things related to API security. Our daily news and weekly API Security newsletter cover the latest breaches, vulnerabilities, standards, best practices, regulations, and technology.

The API Security Encyclopedia provides details on possible security issues in API contracts and how to remediate them, and our tools help you evaluate how secure the APIs you are working on actually are.


From the APISecurity.io Twitter

India is locking down API access to the country's COVID vaccination systems due to too many enthusiasts exploiting the access:
https://techobserver.in/2021/05/08/cowin-portal-restricts-real-time-vaccination-slots-data-after-geeks-started-exploiting-api/ via @TechObservor

Implementing your APIs in .NET Core? Check out this blog post by @jedgarsilva / @42crunch on how to use Swashbuckle and NSwag to create high quality @OpenApiSpec API contracts from annotations in your code.
https://42crunch.com/creating-high-quality-oas-definitions-with-net-core/

Attending @RSAConference? Check out some great API Security content on the @AppSec_Village track on May 20: including sessions by @ErezYalon, @dsopas, @shehackspurple and more!
https://www.rsaconference.com/usa/agenda/full-agenda#q=sbx2&sort=%40eventstart%20ascending

As reported by @FlyingPhishy (@PenTestPartners), APIs behind popular @onepeloton stationary bikes & treadmills have been leaking private user data. Initially, the APIs were not even protected by authentication; then it took them time to add authorization.
https://www.pentestpartners.com/security-blog/tour-de-peloton-exposed-user-data/

API Security weekly newsletter issue #132 is out. Main stories by @BillDemirkapi, @vk_tushar, @adrien_jeanneau / @yeswehack / @Burp_Suite, Ahmad Talahmeh / @InfoSecComm
https://apisecurity.io/issue-132-experian-api-leak-breaches-digitalocean-geico-burp-plugins-vapi-lab/
