Formulating effective API security is a critical design decision, as well as an ongoing operations imperative. This is an important subject, addressed in many books with a broader scope than ours. This chapter is by no means a definitive survey of Internet security techniques. Here we highlight the security issues and techniques that apply to designing and operating APIs specifically.

The security models you choose are an important characteristic of your API and must be appropriate for the business. If your API deals with sensitive finance data over public networks, stronger security measures will be required than if your API simply passes data around for a private audience on a protected network.