Utah's Foremost Platform for Undergraduate Research Presentation
2025 Abstracts

Smart API Usage: Reducing Risks in Tech Startups

Author(s): Thomas Chappell
Mentor(s): Sayeed Sajal
Institution: UVU

APIs (Application Programming Interfaces) have proven themselves invaluable in the software industry as an easy way for cloud services to communicate. Functionality can be outsourced to servers outside of the system, and relevant information can be communicated on an as-needed basis through easily accessible channels. However, the versatility of APIs is a two-edged sword: high accessibility of information leads to high vulnerability. Some of the security vulnerabilities manifest themselves in the form of unauthorized access to sensitive data and workflows. These can include weak authorization and authentication, lack of input validation of data returned from APIs, and unrestricted access to sensitive business flows. Additionally, excessive permissions are a common pitfall of startups, which often see security as an afterthought when designing APIs, relying on the relative obscurity of their platform to maintain security. These problems, if left unchecked, can severely harm a software product's tech stack. In an exploration of this field, this paper seeks to answer the following questions: 1) what patterns exist in API usage generally, 2) what the most significant challenges related to third-party APIs are, and 3) how current methods can be improved to decrease vulnerabilities. A survey of the current use of APIs, especially by tech startups, is presented, along with an attempt at improving the current model of usage. This paper aims to improve understanding of Application Programming Interfaces and to contribute toward balancing their high usability against their insecurity.