API Security Resource Guide
February 20, 2014

To say that securing the data that is communicated and transacted among applications is one of the biggest concerns for software vendors and online services is accurate, but a huge understatement. Since data is essentially the currency with which companies attract users and conduct business, there is no room for it to be compromised. A single breach of trust between company and customer (or partner, supplier or any other participant in the ecosystem) will result in a dramatic reduction in credibility. Considering how quickly and easily people can change the providers they work with, this could have draconian repercussions on any organization.

Consider recent security breaches that have made headlines, put businesses in jeopardy, and created global security risks: the NSA spying case, WikiLeaks, and Snapchat's customer phone number breach are just a few of the major issues that have happened recently. They have put a renewed focus on how important it is to ensure the privacy of data, while still keeping it flexible enough to do its job.

APIs are the engine of all these transactions of data, commerce and communication, so naturally we obsess about how to keep APIs, and the data they work with, secure and authenticated. Our conversations with customers and partners usually come back to security at some point. We want you, as stakeholders in SOA Software, to understand what it means to create and work in a secure application environment, so we've created this resource guide to give you a primer on API Security:

General API Security:


API Security and Management with API Gateway


Securing Mobile Apps

  • APIs At The Heart of your Mobile App Strategy: Users want apps, and companies want users. The data they connect with has to be secure.
  • Unified Security for APIs, Apps, and Mobile: Alistair Farquharson, CTO of SOA Software, describes issues and opportunities with private APIs that enable enterprise applications to communicate and transact with one another.
  • Mobile Application Gateway: our solution for externalizing applications, services and data for mobile consumption.
  • Unified Security for Mobile, APIs and the Web: This presentation explains the various security scenarios for your mobile and Web applications, and APIs. We go into the specifics of OAuth, SAML, SSO, authentication/authorization, policy, protection and a host of other related issues that will help you understand how to keep your data secure.