Security Guidelines for Providing and Consuming APIs

Release Date: 04/30/2021

In modern application workloads, organizations are often required to integrate their applications with other parties such as Software-as-a-Service (SaaS) providers, customers' applications, and business partners. These integrations may vary from granting one-time read access, to ongoing static data consumption, to exposure of APIs or application components to a third-party provider.

The purpose of this document is to provide a framework for securely connecting external entities such as customers or third parties. The document provides a usable list of security considerations in order to estimate the risk involved with the specific connectivity (first part of the document) and a technical checklist for the implementation of security controls (second part of the document).

Acknowledgements

Michael Roza
Risk, Audit, Control and Compliance Professional

Since 2012 Michael has contributed to over 85 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud Key M...

John Yeoh
Global Vice President of Research, CSA

With over 15 years of experience in research and technology, John excels at executive-level leadership, relationship management, and strategy development. He is a published author, technologist, and researcher with areas of expertise in cybersecurity, cloud computing, information security, and next generation technology (IoT, Big Data, SecaaS, Quantum). John specializes in risk management, third party assessment, GRC, data protection, incid...

Frank Guanco
Research Program Manager, CSA

Moshe Ferber

Moshe Ferber is a recognized industry expert and popular public speaker, with over 20 years’ experience in various positions ranging from the largest enterprises to innovative startups. Currently Ferber focuses on cloud security as a certified instructor for CCSK & CCSP certification and participates in various initiatives promoting responsible cloud adoption.

Todd Edison
Chapter Relations Manager, CSA

Shahar Geiger Maor

Marius Aharonovich

Oz Avenstein

Reuven Harrison

Ofer Maor

Eitan Satmary
