Securing how the API traffic is transported to and from your API is important for keeping the data away from prying eyes. For example, if your API allows unencrypted traffic, otherwise well-rounded security can be rendered useless when requests and responses are transmitted in the open. Anyone listening to the network traffic while the calls are being made may intercept them and use the gained information to circumvent your other security measures.
Browse through this section to see the details of each API security risk related to transporting the API traffic.
- API accepts HTTP requests in the clearOperation accepts HTTP requests in the clearOperation does not have the 'consumes' field definedOperation does not have the 'produces' field defined
Copyright 42Crunch 2021