API Application Security
API security is really just a subset of web application security. There are a few specific things we need to think about in the context of APIs.
APIs generally authenticate users using a secret. It is critical that the secret be tied to a user or subject. A good way to think about it is that you want to have a "user" and a "password". These would come from the "API KEY" and the "Secret". This allows us to tie requests to a user and to change the password.
APIs sometimes seem invisible. They are not. Authorization is critical in APIs. Additionally, rate limiting can be an important consideration. Metrics can be extremely helpful in identifying patterns of misuse.
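The key/secret pairing and the authorization, rate-limiting and metrics checks described above, as an added example that is not code from this page. The in-memory store, the scope names, the `ak_` prefix and the limit of 3 requests per 60 seconds are assumptions chosen for the demo.

```python
import hashlib, hmac, secrets, time
from collections import defaultdict, deque

# Constructed in-memory store: key_id -> {"user", "secret_hash", "scopes"}.
KEYS = {}
WINDOW_SECONDS, MAX_REQUESTS = 60, 3   # assumed limit, kept small for the demo
_recent = defaultdict(deque)            # key_id -> timestamps of accepted requests
denied = defaultdict(int)               # (key_id, reason) -> count, a simple misuse metric

def _hash(secret):
    # Secrets are random 256-bit values, so plain SHA-256 is enough at rest.
    return hashlib.sha256(secret.encode()).hexdigest()

def issue_key(user, scopes):
    """Create a key id (the "user" part) and a secret (the "password" part)."""
    key_id = "ak_" + secrets.token_hex(8)
    secret = secrets.token_urlsafe(32)
    KEYS[key_id] = {"user": user, "secret_hash": _hash(secret), "scopes": set(scopes)}
    return key_id, secret               # the secret is shown once; only its hash is kept

def rotate_secret(key_id):
    """Change the "password" without changing which user the key id maps to."""
    secret = secrets.token_urlsafe(32)
    KEYS[key_id]["secret_hash"] = _hash(secret)
    return secret

def _deny(key_id, reason):
    denied[(key_id, reason)] += 1
    return None, reason

def check_request(key_id, secret, scope, now=None):
    """Return (user, "ok") or (None, reason) after authn, authz and rate checks."""
    now = time.time() if now is None else now
    rec = KEYS.get(key_id)
    # Authentication: constant-time comparison against the stored hash.
    if rec is None or not hmac.compare_digest(rec["secret_hash"], _hash(secret)):
        return _deny(key_id, "bad_credentials")
    # Authorization: the key must hold the scope this endpoint requires.
    if scope not in rec["scopes"]:
        return _deny(key_id, "forbidden")
    # Rate limiting: sliding window per key id.
    q = _recent[key_id]
    while q and q[0] <= now - WINDOW_SECONDS:
        q.popleft()
    if len(q) >= MAX_REQUESTS:
        return _deny(key_id, "rate_limited")
    q.append(now)
    return rec["user"], "ok"
```

Because every denial is counted per key id and reason, a spike in `bad_credentials` or `rate_limited` for one key points at the specific user whose key is being misused or guessed.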