An API, or application programming interface, is a way for two computer programs to talk to one another. A website, for example, may use an API to request information from a database or pass information to a third-party service. Mobile apps often use APIs to send data back and forth to central servers. And traditional websites are rapidly being replaced by highly interactive API-powered sites. APIs are also key for business-to-business applications, replacing older mechanisms of information exchange.
API calls now represent 83 percent of all web traffic, according to a report released by Akamai earlier this year. That means more great, feature-rich applications, but it also means more security risk. According to Gartner, by 2021, 90 percent of web-enabled applications will have more attack surface area in the form of exposed APIs than in user interfaces, up from 40 percent in 2019. By 2022, API abuses will become the most frequent attack vector, the analysts predict.
It’s already started.