Security Guidelines for Providing and Consuming APIs

Release Date: 04/30/2021

In modern application workloads, organizations are often required to integrate their applications with other parties such as Software-as-a-Service (SaaS) providers, customer applications, and business partners. These integrations may vary from granting one-time read access, to ongoing static data consumption, to exposure of APIs or application components to a third-party provider.

The purpose of this document is to provide a framework for securely connecting external entities such as customers or third parties. The document provides a usable list of security considerations in order to estimate the risk involved with the specific connectivity (first part of the document) and a technical checklist for the implementation of security controls (second part of the document).

Acknowledgements

Michael Roza
Head of Risk, Audit, Control and Compliance

Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud K...

John Yeoh
Global Vice President of Research, CSA

With over 15 years of experience in research and technology, John excels at executive-level leadership, relationship management, and strategy development. He is a published author, technologist, and researcher with areas of expertise in cybersecurity, cloud computing, information security, and next generation technology (IoT, Big Data, SecaaS, Quantum). John specializes in risk management, third party assessment, GRC, data protection, incid...

Frank Guanco
Research Program Manager, CSA

Moshe Ferber
Chairman at Cloud Security Alliance, Israel

Moshe Ferber is a recognized industry expert and popular public speaker, with over 20 years’ experience in various positions ranging from the largest enterprises to innovative startups. Currently Ferber focuses on cloud security as a certified instructor for CCSK & CCSP certification and participates in various initiatives promoting responsible cloud adoption.

Shahar Geiger Maor

Marius Aharonovich

Oz Avenstein

Reuven Harrison

Ofer Maor

Eitan Satmary
