Journal of International Technology and Information Management

Businesses and consumers need to have a robust Application Programming Interface (API) management and security program in place to ensure they are using the most up-to-date policies to certify that API transactions are adequately secure. Technology vendors do provide API management tools for Customers, and there are established API security standards for securing API transactions. Given the effort to keep APIs open and easy to implement for Business to Business (B2B) and Business to Consumer (B2C) communications, security standards must be part of API management.

This research gathered data to investigate why APIs are vulnerable. The research explored the different perspectives among Customers with regard to their own professional experiences developing private APIs for their organizations and compared them to those of the Cyber Security Vendor/Supplier segment, which offers products and services to assist Customers with API development, security, and management. The research found that API exploits are usually not detected while they are occurring and that perspectives about security readiness differ by IT role. This research also identifies some basic blocking and tackling fundamentals that can help any organization improve API security management.