To say that securing the data that is communicated and transacted among applications is one of the biggest concerns for software vendors and online services is accurate, but a huge understatement. Since data is essentially the currency with which companies attract users and conduct business, there is no room for it to be compromised. A single breach of trust between company and customer (or partner, supplier or any other participant in the ecosystem) will result in a dramatic reduction in credibility. Considering how quickly and easily people can change the providers they work with, this could have draconian repercussions on any organization.
Consider recent security breaches that have made headlines, put businesses in jeopardy, and created global security risks: the NSA spying case, WikiLeaks, Snapchat’s customer phone number breach; these are just a few of the major issues that have happened recently. They have put a renewed focus on how important it is to ensure the privacy of data, while still keeping it flexible enough to do its job.
APIs are the engine of all these transactions of data, commerce and communication, so naturally we obsess about how to keep APIs and the data they work with, secure and authenticated. Our conversations with customers and partners all usually come back to security at some point. We want you, as stakeholders in SOA Software, to understand what it means to create and work in a secure application environment, so we’ve created this resource guide to give you a primer on API Security
Written by Roberto Medrano