For strong API security, you need a program, not a piecemeal approach

When designed and managed properly, APIs can be less problematic than traditional integration methods and can actually increase an organization's security posture.

An application programming interface, or API, is a piece of software that contains the programming instructions, standards and protocols that enable two applications to talk to each other.

It essentially serves as a bridge that allows data to flow back and forth between the two systems.

APIs can build these bridges in several settings, according to Randy Heffner, vice president and principal analyst serving application development and delivery professionals at Forrester Research Inc.

Open (or public) APIs are those publicly available for developers to access. Others are restricted, open only between organizations that have a business relationship (either an existing established one or a new one specifically enabled because of the API). Organizations also have private APIs, which are used to connect internal applications. Some organizations also use APIs as products, enabling services that would otherwise be impossible to deliver.

Given this range of uses, Heffner says businesses are building more and more APIs, both to connect internal applications and to connect those applications with ones belonging to business partners, vendors and consumers.

They’re opting to use APIs rather than more traditional integration processes, such as customized software and architecture, to bridge systems because APIs offer a speed and agility that more conventional approaches don’t – while also ensuring a secure passage for the data.

That’s the goal, at least.

“The hope is that when we design APIs, and design them well, we can speed the integration time because you have less code to write and you don’t have to know how the two systems work,” says James Higginbotham, founder and CEO of the technology consulting firm LaunchAny.

Not a perfect solution

Like other pieces within the enterprise IT stack, APIs can open organizations and their stakeholders up to risks when they’re not well designed and appropriately managed.

“APIs have reached a place where, very broadly speaking, they’re a recognized business driver and not just a technology aspect. [As a result,] we are seeing APIs handling essentially everything,” says Uri Sarid, CTO of application networks provider MuleSoft. “APIs move the needle on the business and that has swept away, ‘Should we use them? Is it OK? And what data should we expose?’ to ‘What is the right way to secure them?’”
