Security Guidelines for Providing and Consuming APIs

Release Date: 04/30/2021

In modern application workloads, organizations are often required to integrate their applications with other parties such as Software-as-a-Service (SaaS) providers, customers' applications, and business partners. These integrations may vary from granting one-time read access, to ongoing static data consumption, to exposure of APIs or application components to a third-party provider.

The purpose of this document is to provide a framework for securely connecting external entities such as customers or third parties. The document provides a usable list of security considerations in order to estimate the risk involved with the specific connectivity (first part of the document) and a technical checklist for the implementation of security controls (second part of the document).

Acknowledgements

Michael Roza

Risk, Audit, Control and Compliance Professional

Michael Roza is a risk, audit, control and compliance professional with 20-plus years of experience with organizations such as Bridgestone EMEA, Komatsu International, Mitsui Novus International, Johnson and Johnson Inc., and Baxter, Inc. Within CSA, he has served as lead author/contributor for 11 projects completed by CSA’s Internet of Things, Blockchain/Distributed Ledger, Top Threats, Cloud Control Matrix, and Software-Defined P...
