API Security: Get Started Now

How do I get started?

That is, after all, the right question. But even though it’s becoming increasingly clear that the need for API security is dire, there isn’t much content available that discusses API security and even less practical advice on where to begin your API security journey. We’ll rectify some of that with the steps we’ve outlined below.

Where to Begin with API Security

Enable Your Team to Protect Your APIs

Securing your APIs starts with connecting and enabling the teams entrusted with the heavy lifting. That begins with conversations that include your InfoSec and API groups, preferably together.

Perform an API Security Assessment

You can’t lay the path forward until you have your bearings. That’s why an assessment is the next step in the process of securing your APIs.

Develop and Communicate Your API Security Vision

With your teams communicating and with full knowledge of your current API security posture, you’re ready to begin defining your API Security Vision (some will view this as a “proposal”). This plan is a marriage of the information you’ve gathered in the first two steps and the knowledge of your current environment and processes.

  • Costs
  • Timelines
  • Any other metrics you’d use for a project

Implement Your Plan to Improve Your Security Posture

It’s tempting to jump to implementation, but getting API security right means first laying all of the groundwork that we’ve just outlined. Only once that’s done should implementation get going.



Aaron Lieberman



Aaron’s passion for technology drives him to find innovative ways to help advance organizations through technology.