Membership
Become a Member
Enterprises
Solution Providers
Current Members
Solution Providers
Affiliates
Assurance
STAR Program
STAR Levels
View Registry
Submit to Registry
Provide Feedback
GDPR Code of Conduct for STAR
STAR Resources
CAIQ
Cloud Controls Matrix
GDPR Code of Conduct
CAIQ-Lite
CSA-OneTrust VRM Tool
GDPR
Download the Code of Conduct
Submit Code of Conduct to the Registry
Resource Center
Global Consultancy
Become a Consulting Partner
Find a Consulting Service
Certificates & Training
Certificates
CCSK
CCAK
Trainings
CCAK (Coming Soon)
CCSK Lectures
CCSK Lectures + Labs
Advanced Cloud Security Practitioner
Register for Training
For Individuals
For Enterprises
Instructors
Become an Instructor
Training Partners
Become a Training Partner
Webinars
Cloudbytes
Research
GDPR
Events
Americas
APAC
EMEA
Research
What We Do
Research Working Groups
CSA Research Lifecycle
Research Publications
Security Guidance v4
Cloud Controls Matrix (CCM)
IoT Framework
Contribute
Open Peer Reviews
Surveys
Volunteer FAQ
Ron Knode Award
Working Groups
Internet of Things
DevSecOps
Software Defined Perimeter
Blockchain
Cloud Controls Matrix
EMEA Projects
APAC Projects
Community
About Circle
Create an Account
Login to Circle
How To Get Started
Blog
Events
Americas
APAC
EMEA
Chapters
Global Chapters
Form a Chapter
About
About CSA
Board
History
CSA Staff
CSA EMEA
Press Releases
News Coverage

Publication Peer Review

Home
Publications
Security Guidelines for Providing and Consuming APIs
Security Guidelines for Providing and Consuming APIs

Security Guidelines for Providing and Consuming APIs

In modern application workloads, organizations are often required to integrate their application with other parties such as Software-as-a-Service (SaaS) providers, customers applications, and business partners. These integrations may vary from granting one-time read access to ongoing static data consumption, to exposure of APIs or application components to a 3rd party provider. 

The purpose of this document is to provide a framework for securely connecting external entities such as customers or third parties. The document provides a usable list of security considerations in order to estimate the risk involved with the specific connectivity (first part of the document) and a technical checklist for the implementation of security controls (second part of the document).

Request to Participate

CSA is a community driven organization. We would like to send you updates about our ongoing initiatives and opportunities to participate.

By opting into this agreement I am indicating that I want to receive email updates from CSA on related projects. (Marketing purposes, Section 3 of the Privacy Policy).