Application Programming Interfaces (APIs) are the connective tissue of modern microservices, single-page applications, and mobile apps. Because APIs expose underlying business logic and sensitive data directly to the internet, they are a primary target for attackers.

The controls in this module will guide you through implementing authentication, rate limiting, strict input validation, and API gateway protections to secure your REST and GraphQL architectures.