• The Four Hundred
  • The Ease Of API Programming Has To Be Balanced By Heightened API Security

    October 18, 2021 Brian May

    If you have modernized legacy applications or created new applications from scratch, you very likely have application programming interfaces, or APIs, exposed to enable applications to share data. To some ways of thinking, this sharing of data between chunks of code in a formalized way – within the organization or across code bases developed internally or created by third parties and residing on premises, in the cloud somewhere, or both – is what actually constitutes an application. The integrated whole is what makes everything work.

    By their very nature, therefore, APIs are a boon to companies looking to weave together lots of different kinds of code to run their businesses, but they are also a security nightmare because not all of the code or the APIs that are used by companies are under their direct control. This is the nature of an interconnected internet, which reflects the interconnectedness of businesses.

    So the proper development, deployment, and management of APIs is at the core of any successful digital transformation strategy and any new application development strategy. And when third parties want to integrate with your platform, well-built APIs make that integration much more straightforward and secure. Those third parties are important, and sometimes your company is the third party when you use an API to access functions in a hyperscaler’s applications (think Google or Facebook or Apple) or in the application stack at a cloud builder that also provides its own applications (think of the myriad services available at Microsoft Azure, Amazon Web Services, or Google Cloud). By linking to these third parties, the APIs can provide companies with new revenue streams by opening up systems to a broader range of consumers.

    Moreover, even in those cases where the company is in control of all of its own code and is using modern programming techniques with lots of APIs weaving things together, it needs some way to keep track of all of these APIs and to make sure that they are secure and that only the programs that are supposed to be accessing information in the system are doing so.

    How Do You Secure APIs?

    API security is the practice of defending APIs from cyberattacks, exploitation, and misuse. With effective API security measures in place, you can protect your business from hackers who want to intercept and exploit important data to harm your company. Compared to internal-facing APIs, public-facing APIs are significantly more susceptible to security threats. Public APIs come with unique challenges because they are exposed between the organization and third-party developers. If a perpetrator successfully breaches an API, it can be harmful to both the application and end users because the breach serves as an entry point to sensitive data. That being said, a security breach in private APIs can also impact application performance and expose sensitive data.

    A successful attack can be very costly for a business, and it is essential to strengthen the system to remediate the breach. For instance, security patches must be deployed immediately to prevent further exploitation. Users also play a significant role simply by changing their passwords. Security issues can cause irreversible damage to the brand, so it is better to prevent them than to fix them. Users can lose trust, which can destroy the company’s credibility. Furthermore, integrated third-party apps can be harmed by extension.

    Therefore, organizations should take API security measures seriously.

    This does not mean your company should avoid APIs. In this digital age, avoiding APIs is virtually impossible, and it is not sensible either. With the increasing demand for apps and integrations, enterprises will continue to rely on APIs, and hackers will continue to take advantage of opportunities to exploit data. What you can do is make sure that anyone in the company who uses APIs or is part of implementing integrations understands and executes API security measures.

    When it comes to keeping your APIs secure, it is easy to get lost in the work that needs to be done. The ultimate goal is to protect your users and their data against attackers and defend them against any kind of threat. Moreover, you also need to safeguard third-party developers who integrate with your system.

    APIs are powerful, but they come with challenges. The possibilities are endless, but a simple oversight can eclipse the benefits that they provide. Although it is impossible to eliminate all security threats, the expert tips provided in this document are necessary to provide a blanket of protection for any business that cares about its reputation, and most of all, its users.

    Get started creating secure APIs today with Profound API. And to find out more about the kinds of security threats that are common to APIs and the means of protecting against them, download our whitepaper, called The Importance of API Security to Protect Sensitive Business Data, at this link.

    Brian May is director of pre-sales and customer solutions at Profound Logic.

    This content is sponsored by Profound Logic.


TFH Volume: 31 Issue: 68

Copyright © 2025 IT Jungle