API Design Security - I
Explore the essential concepts of API design security, including authentication and authorization, encryption protocols such as TLS, input validation techniques, and Cross-Origin Resource Sharing (CORS). Understand how to mitigate common attack vectors and protect sensitive data throughout client-server communication.
API security fundamentals
With API usage growing exponentially, API exploitation has become a key attack
Consider an API like Spotify using Google for authentication: What protocols ensure sign-in credentials aren't intercepted? What information should be shared between applications to authenticate a user? Answering these questions requires understanding authentication, authorization, encryption, and access control. As digital
Distributed denial of service: Multiple machines overload a target with requests, typically via a
, disrupting normal operations.botnet A botnet is a group of exploited machines altered by malware. Such machines combine to create a network of bots to work on an attacker's agenda. Insufficient authentication: Inadequately authenticated clients allow bogus or malicious calls that compromise access control.
Injection: Malicious code entered into the system (commonly via cross-site scripting or SQL injection) endangers data and access control.
Exposed data in API calls: Attackers intercept transmissions and impersonate a party (a person-in-the-middle attack), gaining unauthorized data access.
The diagram below illustrates where these attacks may originate:
No API is perfectly secure; APIs must be scalable enough to incorporate new security mechanisms over time.
The process of API security
Security is most cost-effective when considered at the inception of API design rather than retrofitted later. The key aspects of designing a secure API are illustrated below:
Assets
Assets are the sensitive data and entities that require protection: physical devices (application servers, caching servers, databases) and digital entities (stored data). Failure to protect them can lead to reputational and financial damage, which motivates defining clear security goals.
Security goals
The CIA triad is the foundational security model that establishes the groundwork for design principles and implementations.
The three factors are:
Confidentiality: Ensures that only authenticated users access relevant information, enforcing secrecy and privacy.
Integrity: Guarantees that information is accurate, reliable, and unaltered, whether from intentional modification or transmission corruption.
Availability: Ensures that validated users have consistent access to resources through continuously functioning servers, machines, and applications.
What is a real-life example that highlights all three principles of the CIA triad?
Note: Although the CIA principles are the most widely used, other goals, such as accountability and nonrepudiation, can be helpful in other contexts.
Threat modeling
Defining the threats that an API faces in its operating environment is imperative. Public-facing APIs inherently provide attack surfaces, and these surfaces grow as API usage becomes more common. The set of threats relevant to an API constitutes its threat model, which can be classified using the STRIDE acronym, as expanded in the table below:
STRIDE Acronym
Class | Threat |
Spoofing | Impersonating a user |
Tampering | Unauthorized users altering data |
Repudiation | The ability to deny that an action took place or that a communication occurred |
Information disclosure | Leaking private information |
Denial of service | Denying services to authorized users |
Elevation of privilege | Obtaining unauthorized privileges |
What is a famous example of a STRIDE attack?
The threat modeling process:
Create a system diagram that highlights primary entities (clients and endpoints) and identify the
for each component.trust boundaries A trust boundary is defined as the area in which all encompassed entities trust each other. Identify information flow between entities, modeled as directed arrows.
For each trust boundary, map potential threats to security goals using the STRIDE model.
Select mechanisms to combat identified threats and record them for tracking throughout the development life cycle.
An example threat modeling diagram:
Note: The API and database have separate trust boundaries to prevent a compromised API from accessing sensitive database information.
The nature of the API dictates the security emphasis: an API that handles sensitive user data demands stricter measures than one that serves public data. Threat modeling uncovers system gaps and helps you direct defenses toward ...