A typical enterprise has hundreds of business applications hosted in private or public clouds that interact with their users (customers, partners, and employees) spread across geographies and time zones. These interactions take place via a variety of channels: web, mobile, APIs, VPNs, cloud services, and sometimes via contactless payment terminals supporting Apple Pay.

APIs expose data or functionality for use by applications and developers, which means they are the doors and windows that allow access to a business’s valuable digital assets—and thus to the heart of the business itself. Like all doors and windows that provide access to something valuable, APIs should be designed with security top of mind.

Application programming interfaces (APIs) make these connections possible, and API-first development approaches have helped enterprises to not only enable connected customer experiences, but also participate in software ecosystems that may span billions of users and provide opportunities for unprecedented economies of scale. Yet the popularity of APIs and the varied ways in which enterprises leverage them are attracting hackers and bad actors. As business opportunities increasingly rely on digital connections, each point of interaction becomes both a potential source of business leverage and a potential source of risk.