📣 Good news for all tech enthusiasts! The highly anticipated 2023 State of the API Report, conducted by Postman – one of the leading dev tools for building APIs, is now available. This comprehensive report, produced annually, is backed by an extensive survey and offers a deep dive into the challenges and advancements in the realm of APIs.
In this blog post, we explore the 2023 State of the API Report conducted by Postman to summarize and discuss the challenges and advancements in API security.
Greatest security risks
Let’s kick things off with a spotlight on the greatest API security risks today. Respondents from diverse organizations have voiced their concern, with “Improper authentication, authorization, or access control” emerging as the top worry, cited by an almost two-to-one margin over other risks.
Here are the top 5 API security risks identified:
1. Improper Authentication, Authorization, or Access Control
2. Insecure Data Leaks or Exposure
3. Business-Logic Issues
4. Insufficient Logging and Monitoring
5. Inadequate Access Control
When developers leave
We’re exploring what happens when API developers leave an organization. Respondents have made it clear – outdated documentation is the number one concern. This aligns with data found elsewhere in the survey where lack of documentation was cited as the primary obstacle to consuming an API.
The second significant concern when developers move on is the looming threat of “zombie APIs”. These are APIs that have no owner, lack oversight, or aren’t maintained — sometimes, they’re even forgotten by the company. At their worst, zombie APIs can pose a serious security risk; at best, they deliver a poor user experience.
This aligns with what we witness daily with our customers using the API Discovery and Posture Management feature of the Wallarm platform.
The 2023 API Platform Landscape
As APIs continue to underpin the fabric of modern software, a wide array of tools and services are evolving to accommodate these needs. These solutions span the entirety of the API lifecycle, encapsulating design, testing, and security.
Postman’s 2023 State of the API Report presents a comprehensive view of the current API Platform Landscape. We’re extremely proud to see Wallarm recognized as one of the key API Security solutions within this landscape. This distinction emphasizes our commitment to contributing positively and significantly to the security aspect of the evolving API ecosystem.
In the survey conducted for the 2023 State of the API Report, respondents were asked to pinpoint the top priorities for their development teams and organizations. The undisputed priority, cited by 79% of participants, was the quality of applications, programs, or services being developed. Reliability, agility, and security were the next most important priorities.
When it comes to integrating with an API, certain factors play a decisive role in the decision-making process. According to respondents in the 2023 State of the API Report, performance and security emerged as the top two factors under consideration – just as they were in the previous year.
When organizations decide to integrate with an API, they’re looking for solutions that will not only enhance and streamline their operations but also fortify their defence against potential cyber threats.
Frequency of API security incidents
The 2023 State of the API Report shows an encouraging trend – 56% of respondents reported API-related security incidents occur less than once a year, an improvement from 52% in the previous year. However, the term “security incident” is broad, and our observations at Wallarm show a rising number of attacks and vulnerabilities targeting APIs. This underscores the ongoing necessity for robust API security measures.
Key takeaway from Postman
While the 2023 State of the API Report demonstrates overall improvements in API security, it highlights that some sectors still have significant work to do. While the frequency of incidents has decreased for most respondents, certain sectors, including automotive, education, and retail, reported higher than average rates of monthly incidents. This variance underscores the need for these sectors to prioritize API security and adopt robust measures to reduce vulnerabilities and potential breaches. As API usage continues to grow, the focus on securing these critical digital assets must keep pace across all sectors.