As a concept, APIs (or Application Programming Interfaces) have been around since the 1950s. What started out as a potential method to facilitate communication between two computers then evolved to describe the interaction between a single application and the rest of the computer system in the 1960s and 1970s. During this period, APIs were also used to enable communication between a mainframe and other systems, such as printers. APIs then played an important role in the birth of the Internet, offering a way for applications to exchange data across the Internet via a specific set of protocols.
These early iterations of APIs were instrumental in defining standards for how data could and would be shared as the world became more technologically enabled. However, the first iteration of what would be considered modern-day APIs came in the early 2000s.
APIs for commerce and beyond
Salesforce, eBay, and Amazon were the three companies that launched early versions of APIs that leveraged the internet and allowed developer access. This marked the first time that commerce and data sharing were openly available for a variety of use cases. It also launched what would become a massive e-commerce industry.
Since then, APIs have evolved far beyond the e-commerce use case. In the years that followed the launch of the Amazon and eBay APIs, Flickr launched an API that let users share photos across platforms, Twitter built an API to give developers access to its data, and Google made its expansive geographical data available through its own API.
APIs helped make the world increasingly interconnected, while also helping developers speed up the time to create new tools and solutions. Mobile applications and software solutions leverage APIs to access data and make it available to their end users. And while this development has been crucial to getting us to where we are today, there are some risks that come with the API economy.
The API landscape today
Today, APIs have become a strategic business tool for companies. Leveraging APIs allows organizations to have a critical link to data and services that enable innovation, improved market access, and digital partnerships. Plus, companies with their own APIs can use them to extend their offering and brand experience, building recognition for their products and services.
As adoption grows, so does the threat landscape. According to the Salt Security API Security Trends 2023 report, API attacks are on the rise. In fact, in December 2022, the company’s customers saw a spike in attacks of 400% compared to just a few months prior. A massive 78% of those attacks were from seemingly legitimate users that had maliciously gained authentication.
Beyond the sophistication of bad actors, widespread limited visibility and documentation efforts are also negatively impacting API security. On the one hand, security teams tend to have a limited understanding of which APIs expose personally identifiable information, which puts customer and employer data at risk. On the other hand, the constant evolution of APIs makes documentation challenging, and security measures don’t always account for the right factors.
Despite these trends, only 48% of executive teams are talking about API security. Without executive buy-in, it’s difficult for security leaders to effectively invest in a robust API security strategy, but they can’t afford to do nothing. Instead, they should connect the dots for their C-suite, making it clear that API security is vital for the success and well-being of the business.
Where to next for APIs?
APIs are here to stay; there’s no question about that. In terms of what’s next, APIs are building a presence in various spaces. According to thought leaders from Google, we can expect to see microservices APIs become a focus for IT departments. APIs have also become important players in software development, where they enable important connections for almost every digital product. As such, if they want their product to be successful, companies will need to make API management and security core functionalities within their organization.
From a security perspective, as leaders become more aware of the threats of making APIs a key element of their business strategy, there will be a stronger focus on setting standards and policies and adopting the right tools to protect the organization.
APIs have come a long way from where they first started, and as businesses continue to find new innovative use cases for them, there’s an opportunity to proactively anticipate risks and mitigate them. This way, we can tap into the full potential of the API economy, without exposing our businesses to unwanted threats.
About the author: Ali Cameron is a content marketer who specializes in the cybersecurity and B2B SaaS space. Besides writing for Tripwire’s State of Security blog, she’s also written for brands including Okta, Salesforce, and Microsoft. Taking an unusual route into the world of content, Ali started her career as a management consultant at PwC where she sparked her interest in making complex concepts easy to understand. She blends this interest with a passion for storytelling, a combination that’s well suited for writing in the cybersecurity space. She is also a regular writer for Bora.
(SecurityAffairs – hacking, API)