{"id":50214,"date":"2023-02-01T11:31:35","date_gmt":"2023-02-01T16:31:35","guid":{"rendered":"https:\/\/sdtimes.com\/?p=50214"},"modified":"2023-10-27T14:18:44","modified_gmt":"2023-10-27T18:18:44","slug":"time-to-hide-your-api","status":"publish","type":"post","link":"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/","title":{"rendered":"Time to hide your API"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">The need for robust API security is growing rapidly in response to the increasing dependence of organizations on APIs for their digital operations.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">With 70% of respondents to a <\/span><a href=\"https:\/\/stateofapis.com\/\"><span style=\"font-weight: 400;\">report<\/span><\/a><span style=\"font-weight: 400;\"> expecting to use more APIs in 2023 than last year, this presents a heightened challenge for API security, which only comprises about 4% of the testing efforts at organizations today.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The 4th annual State of the APIs Report collected insights from more than 850 global developers, engineers, and leaders from across the technology community spanning over 100 countries including the US, the UK, Germany, and India.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The increased API usage is especially prominent in telecommunications, which is projected to rise to 72%, up from 59% last year. This is followed by smaller, yet still considerable, increases in the fields of technology and professional services.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Mark O&#8217;Neill, VP analyst, and chief of research for software engineering at Gartner, correctly predicted in 2021 that by this year, API breaches would be the number one threat vector for web applications.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cPart of the reason for that is because with mobile and web apps, along with any other type of modern application that you\u2019re using, it all involves the use of APIs,\u201d O\u2019Neill said.\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/www.gartner.com\/en\/documents\/4009103\"><span style=\"font-weight: 400;\">Gartner research<\/span><\/a><span style=\"font-weight: 400;\"> has estimated that by 2025, fewer than half of enterprise APIs will be managed, as explosive growth in APIs surpasses the capabilities of API management tools and \u201csecurity controls try to apply old paradigms to new problems.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This vast number of APIs floating around the organization is further complicated by multiple teams building and managing APIs all while using different cloud platforms and frameworks, according to O\u2019Neill.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cWhen you have different platforms where your teams are building and deploying APIs, there\u2019s no one place to put the gateway, which is a problem for traditional API management solutions,\u201d O\u2019Neill said.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To secure this wide API landscape, many companies have put up multiple gateways, which means that now there are more gateways in front of APIs, but it created a new problem of learning how to manage all of these gateways together.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cMany clients have asked us for a federated solution that would work across different API gateways and allow teams to have a single picture of their API traffic and to have a single control plane for management and security, but at the moment, that is a gap in the market,\u201d O\u2019Neill said.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A single federated solution would allow users to set up authentication and authorization schemes across different APIs, ensuring that only the right users have access to the right resources. It also enables administrators to set up rate limiting and other security measures, such as IP white\/blacklisting, to protect against malicious attacks.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">With such a solution, teams would also gain visibility into API performance and usage, allowing teams to identify and address potential security issues quickly.<\/span><\/p>\n<h5><b>A hodgepodge of APIs in use<\/b><\/h5>\n<p><span style=\"font-weight: 400;\">The other problem APIs present for API management solutions is that there are many different types of APIs in use.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The API jumble often consists of REST, Webhooks, Websockets, SOAP, GraphQL, Kafka, AsyncAPIs, gRPCs, if not more.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cIf you look at a typical organization that has deployed API management, they may believe that all of their APIs are being managed on one platform,\u201d O\u2019Neill said. \u201cBut typically, there are a lot of other APIs that they have that are part of web applications, part of mobile apps, and they&#8217;re not managed, they&#8217;re effectively under the radar for that organization. And these are the ones that get breached.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The APIs to watch out for in particular are GraphQLs, according to O\u2019Neill. Users can do very wide and deep queries on data, which can also be their downside because it\u2019s difficult to set up proper access control rules. The complexity of the query can make it hard to predict what data will be accessible.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Additionally, the use of variables in queries can make it difficult to prevent malicious users from exploiting the API. GraphQL APIs are often stateless, which means that security teams need to ensure that all requests are properly authenticated and authorized. These types of APIs are also new so many organizations are just building up their security teams\u2019 skills around GraphQL and graph APIs in general.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Another challenge is to consider where all of your APIs are coming from.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">While internal APIs were still the most common API type developers reported working on for their organization, more developers in 2022 reported working on partner-facing or third-party APIs than the year prior. In addition, the SaaS applications that developers utilize also often use their own set of APIs.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The percentage of developers who reported working on partner-facing and third-party APIs grew by almost 5% in 2022 compared to 2021, according to the 2022 State of the API report. This change was even more dramatic with partner-facing APIs in industries like technology, which grew by nearly 10%.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">One hotspot of security issues tends to be around the APIs that require access to data: customer data, preferences, and all sorts of account information. Issues also surround APIs that run a function to do something because often that requires a transaction, so payment information might be at risk, O\u2019Neill said.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cOne is the whole area of loyalty cards where you get points for making purchases, traveling, and so on. Those involve many APIs. So you have an API to look up how many points a certain person has or you have an API to spend the points. We&#8217;ve seen security breaches where attackers have been able to find people who have accrued many points and then spend those,\u201d O\u2019Neill said. \u201cOften the person is not aware, because they simply were not aware that they were running up all these points in the first place, and then they&#8217;re not aware when they get spent.\u201d<\/span><\/p>\n<h5><b>Best practices for API security<\/b><\/h5>\n<p><span style=\"font-weight: 400;\">The first step for ensuring API security is to catalog all of the APIs in the organization and to have an inventory. Often, companies only look at their existing API gateway to see what APIs are registered there, but even multiple gateways don\u2019t paint the complete picture, O\u2019Neill explained.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cThe way that we advise people to do this is to see what APIs your business depends on,\u201d O\u2019Neill said. \u201cSo those of course can be your own APIs, but they can also be important to APIs that you&#8217;re consuming from third parties as well. It\u2019s going to be a problem if those APIs suffer a security breach, if they are unavailable, or if they are just simply changing and creating breaking changes. So API discovery is a hard problem because you have to look in multiple places for the APIs.\u201d\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">One approach is to simply ask the internal product managers who are then speaking to engineering leaders about what APIs the teams are building.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There are also some solutions on the market that enable users to tap into application firewalls in the infrastructure at the CDN level to look at the traffic and see what API calls are happening.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cThat approach can in many ways be too late because those APIs that you\u2019re discovering are already in production. But still, it\u2019s better than not discovering them at all,\u201d O\u2019Neill said.\u00a0<\/span><\/p>\n<h5><b>Using APIs to increase security<\/b><\/h5>\n<p><span style=\"font-weight: 400;\">By collaborating with APIs, organizations can become more secure as a whole. One such example occurred in the Open Banking Initiative that started in Europe but has since spread in popularity to North America.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Open Banking Initiative began in January 2016, when the Competition and Markets Authority (CMA) in the UK issued a directive ordering the country&#8217;s nine largest banks to open up their customer data to third-party providers.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Since then, it has become valuable because it has allowed financial institutions to create Open APIs that outside organizations and their third-party developers can leverage, according to MuleSoft in a <\/span><a href=\"https:\/\/www.mulesoft.com\/resources\/api\/implementing-open-banking-initiative\"><span style=\"font-weight: 400;\">blog post.\u00a0<\/span><\/a><\/p>\n<p><span style=\"font-weight: 400;\">Rather than opening up the APIs to attack, the initiative enabled a secure form of data exchange that accelerates collaboration with outside organizations and has decreased the risks associated with screen scraping, a technique used by programs to extract data from the human-readable output of a computer application.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Screen scraping is insecure because it requires customers to provide third-party aggregators with login credentials and it also pushes significant traffic to servers with every \u201cscrape.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Open Banking initiatives offer financial institutions the opportunity to safely collaborate with third-party developers through APIs. Unlike screen scraping, this secure data exchange is API-enabled and does not strain or overload servers.\u00a0<\/span><\/p>\n<h5><b>Market forecast for 2023<\/b><\/h5>\n<p><span style=\"font-weight: 400;\">Cyberattacks and data breaches don\u2019t pause with an economic slowdown. When prioritizing security investments, security leaders should continue to invest in security controls and solutions that protect the organization\u2019s customer-facing and revenue-generating workloads, as well as any infrastructure critical to health and safety for those organizations in industries such as utilities, energy, and transportation, according to Forrester in its <\/span><a href=\"https:\/\/www.forrester.com\/bold\/planning-guide-2023-security-risk\/\"><span style=\"font-weight: 400;\">Planning Guide 2023: Security &amp; Risk<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cAPI-first is the de facto modern development approach, and APIs help organizations create new business models and methods of engagement with customers and partners. However, security breaches due to unprotected APIs and API endpoints are common and no single type of tool fully addresses API security,\u201d the guide states.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">API management tools address authentication and authorization issues, while API-specific security tools are used for scanning and discovery. Additionally, some security tools extend further to provide runtime protections and microgateways to protect against API attacks. Traditional security tools such as WAFs and bot management solutions are also expanding to cover these attacks, the report added.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Gartner\u2019s O\u2019Neill said that he is seeing large vendors take steps forward in providing strong API protection and are acquiring some of the smaller specialist vendors that have come along for API protection as well.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">According to the 2022 State of APIs report, 69% of developers said that they expect to use APIs more in 2023 while 25% said that they expect about the same. Only about 6% stated that they expect less or they didn\u2019t know.\u00a0<\/span><\/p>\n<!-- AddThis Advanced Settings generic via filter on the_content --><!-- AddThis Share Buttons generic via filter on the_content -->","protected":false},"excerpt":{"rendered":"<p>The need for robust API security is growing rapidly in response to the increasing dependence of organizations on APIs for their digital operations.\u00a0 With 70% of respondents to a report expecting to use more APIs in 2023 than last year, this presents a heightened challenge for API security, which only comprises about 4% of the  &hellip; <a class=\"read-more\" href=\"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/\">continue reading<\/a><!-- AddThis Advanced Settings generic via filter on get_the_excerpt --><!-- AddThis Share Buttons generic via filter on get_the_excerpt --><\/p>\n","protected":false},"author":871,"featured_media":50215,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"cybocfi_hide_featured_image":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[2398,1],"tags":[1823,4000,45],"coauthors":[14818],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Time to hide your API - SD Times<\/title>\n<meta name=\"description\" content=\"The need for robust API security is growing rapidly in response to the increasing dependence of organizations on APIs for their digital operations.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Time to hide your API - SD Times\" \/>\n<meta property=\"og:description\" content=\"The need for robust API security is growing rapidly in response to the increasing dependence of organizations on APIs for their digital operations.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/\" \/>\n<meta property=\"og:site_name\" content=\"SD Times\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/SDTimesD2\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-01T16:31:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-27T18:18:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/02\/Screen-Shot-2023-02-01-at-11.30.54-AM.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"734\" \/>\n\t<meta property=\"og:image:height\" content=\"515\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jakub Lewkowicz\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sdtimes\" \/>\n<meta name=\"twitter:site\" content=\"@sdtimes\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jakub Lewkowicz\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/\"},\"author\":{\"name\":\"Jakub Lewkowicz\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/0ccf41924f263cbae6638a4df0210f42\"},\"headline\":\"Time to hide your API\",\"datePublished\":\"2023-02-01T16:31:35+00:00\",\"dateModified\":\"2023-10-27T18:18:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/\"},\"wordCount\":1669,\"publisher\":{\"@id\":\"https:\/\/sdtimes.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/02\/Screen-Shot-2023-02-01-at-11.30.54-AM.jpg\",\"keywords\":[\"API\",\"API testing\",\"security\"],\"articleSection\":[\"Buyers Guide\",\"Latest News\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/\",\"url\":\"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/\",\"name\":\"Time to hide your API - SD Times\",\"isPartOf\":{\"@id\":\"https:\/\/sdtimes.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/02\/Screen-Shot-2023-02-01-at-11.30.54-AM.jpg\",\"datePublished\":\"2023-02-01T16:31:35+00:00\",\"dateModified\":\"2023-10-27T18:18:44+00:00\",\"description\":\"The need for robust API security is growing rapidly in response to the increasing dependence of organizations on APIs for their digital operations.\",\"breadcrumb\":{\"@id\":\"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/#primaryimage\",\"url\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/02\/Screen-Shot-2023-02-01-at-11.30.54-AM.jpg\",\"contentUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/02\/Screen-Shot-2023-02-01-at-11.30.54-AM.jpg\",\"width\":734,\"height\":515},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/sdtimes.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Time to hide your API\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/sdtimes.com\/#website\",\"url\":\"https:\/\/sdtimes.com\/\",\"name\":\"SD Times\",\"description\":\"Software Development News\",\"publisher\":{\"@id\":\"https:\/\/sdtimes.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/sdtimes.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/sdtimes.com\/#organization\",\"name\":\"SD Times\",\"url\":\"https:\/\/sdtimes.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png\",\"contentUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png\",\"width\":225,\"height\":90,\"caption\":\"SD Times\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/SDTimesD2\",\"https:\/\/x.com\/sdtimes\",\"https:\/\/www.linkedin.com\/company\/sdtimes\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/0ccf41924f263cbae6638a4df0210f42\",\"name\":\"Jakub Lewkowicz\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/image\/a061823dfc0b893ed859b59dc9554372\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/fec6c7c06cf379ac99029d9c59940dab?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/fec6c7c06cf379ac99029d9c59940dab?s=96&d=mm&r=g\",\"caption\":\"Jakub Lewkowicz\"},\"description\":\"Jakub Lewkowicz is a multimedia journalist who loves all things tech. Polish-born and Long Island-bred, he is an Online and Social Media Editor for SD Times. He is also a Carnegie Hall pianist and music producer.\",\"url\":\"https:\/\/sdtimes.com\/author\/jakub-lewkowicz\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Time to hide your API - SD Times","description":"The need for robust API security is growing rapidly in response to the increasing dependence of organizations on APIs for their digital operations.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/","og_locale":"en_US","og_type":"article","og_title":"Time to hide your API - SD Times","og_description":"The need for robust API security is growing rapidly in response to the increasing dependence of organizations on APIs for their digital operations.","og_url":"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/","og_site_name":"SD Times","article_publisher":"https:\/\/www.facebook.com\/SDTimesD2","article_published_time":"2023-02-01T16:31:35+00:00","article_modified_time":"2023-10-27T18:18:44+00:00","og_image":[{"width":734,"height":515,"url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/02\/Screen-Shot-2023-02-01-at-11.30.54-AM.jpg","type":"image\/jpeg"}],"author":"Jakub Lewkowicz","twitter_card":"summary_large_image","twitter_creator":"@sdtimes","twitter_site":"@sdtimes","twitter_misc":{"Written by":"Jakub Lewkowicz","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/#article","isPartOf":{"@id":"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/"},"author":{"name":"Jakub Lewkowicz","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/0ccf41924f263cbae6638a4df0210f42"},"headline":"Time to hide your API","datePublished":"2023-02-01T16:31:35+00:00","dateModified":"2023-10-27T18:18:44+00:00","mainEntityOfPage":{"@id":"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/"},"wordCount":1669,"publisher":{"@id":"https:\/\/sdtimes.com\/#organization"},"image":{"@id":"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/#primaryimage"},"thumbnailUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/02\/Screen-Shot-2023-02-01-at-11.30.54-AM.jpg","keywords":["API","API testing","security"],"articleSection":["Buyers Guide","Latest News"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/","url":"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/","name":"Time to hide your API - SD Times","isPartOf":{"@id":"https:\/\/sdtimes.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/#primaryimage"},"image":{"@id":"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/#primaryimage"},"thumbnailUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/02\/Screen-Shot-2023-02-01-at-11.30.54-AM.jpg","datePublished":"2023-02-01T16:31:35+00:00","dateModified":"2023-10-27T18:18:44+00:00","description":"The need for robust API security is growing rapidly in response to the increasing dependence of organizations on APIs for their digital operations.","breadcrumb":{"@id":"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/#primaryimage","url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/02\/Screen-Shot-2023-02-01-at-11.30.54-AM.jpg","contentUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2023\/02\/Screen-Shot-2023-02-01-at-11.30.54-AM.jpg","width":734,"height":515},{"@type":"BreadcrumbList","@id":"https:\/\/sdtimes.com\/security\/time-to-hide-your-api\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sdtimes.com\/"},{"@type":"ListItem","position":2,"name":"Time to hide your API"}]},{"@type":"WebSite","@id":"https:\/\/sdtimes.com\/#website","url":"https:\/\/sdtimes.com\/","name":"SD Times","description":"Software Development News","publisher":{"@id":"https:\/\/sdtimes.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sdtimes.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/sdtimes.com\/#organization","name":"SD Times","url":"https:\/\/sdtimes.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/","url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png","contentUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png","width":225,"height":90,"caption":"SD Times"},"image":{"@id":"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/SDTimesD2","https:\/\/x.com\/sdtimes","https:\/\/www.linkedin.com\/company\/sdtimes\/"]},{"@type":"Person","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/0ccf41924f263cbae6638a4df0210f42","name":"Jakub Lewkowicz","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/image\/a061823dfc0b893ed859b59dc9554372","url":"https:\/\/secure.gravatar.com\/avatar\/fec6c7c06cf379ac99029d9c59940dab?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fec6c7c06cf379ac99029d9c59940dab?s=96&d=mm&r=g","caption":"Jakub Lewkowicz"},"description":"Jakub Lewkowicz is a multimedia journalist who loves all things tech. Polish-born and Long Island-bred, he is an Online and Social Media Editor for SD Times. He is also a Carnegie Hall pianist and music producer.","url":"https:\/\/sdtimes.com\/author\/jakub-lewkowicz\/"}]}},"_links":{"self":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/50214"}],"collection":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/users\/871"}],"replies":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/comments?post=50214"}],"version-history":[{"count":1,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/50214\/revisions"}],"predecessor-version":[{"id":50216,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/50214\/revisions\/50216"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/media\/50215"}],"wp:attachment":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/media?parent=50214"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/categories?post=50214"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/tags?post=50214"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/coauthors?post=50214"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}