API Security Guidelines

This document should define appropriate application programming interface (API) security guidelines for applications (microservices) that are being developed across an organization.

- What is an API

- API risks

- API enumeration

- OWASP vulnerabilities on APIs

- API security best practices

- Access control (authorization and authentication)

- JSON Web Tokens (JWT)

- Implementing API keys

- Restricted HTTP methods

- Validate content types

- Send safe content types

- API endpoint management

- Proper input validation

- Error handling (provide an example here: “An error occurred”, “Your username or password is wrong”)

- Audit logs (ensure that sensitive application data is not included in the logs)

- Requests cannot be sent as headers

- Responses as JSON objects

- GET vs POST

- API gateways/WAF

- Rate limit checks
