API Security Glossary

A comprehensive guide to API security terminology.

API Gateway

A server that acts as an API front-end, receiving API requests, enforcing throttling and security policies, and passing requests to the backend service.

Authentication

The process of verifying the identity of a user, device, or system attempting to access an API.

Authorization

The process of determining what actions an authenticated entity is allowed to perform.

BOLA

Broken Object Level Authorization. A vulnerability where an API fails to verify that the user has permission to access the requested object.

CORS

Cross-Origin Resource Sharing. A browser mechanism, driven by HTTP headers, that controls whether resources on a web page may be requested from another domain (origin) than the one that served the page.

CSRF

Cross-Site Request Forgery. An attack that tricks a user into executing unwanted actions on a web application where they are authenticated.

GraphQL

A query language for APIs that allows clients to request exactly the data they need, making it possible to get all required data in a single request.

gRPC

A high-performance RPC framework that uses Protocol Buffers for serialization and HTTP/2 for transport.

IDOR

Insecure Direct Object Reference. A type of access control vulnerability that occurs when an application exposes a direct reference to an internal implementation object (such as a database key or file name) without checking that the requester is authorized to access it.

JWT

JSON Web Token. A compact, URL-safe means of representing claims to be transferred between two parties.

OAuth 2.0

An authorization framework that enables third-party applications to obtain limited access to an HTTP service.

OWASP

Open Web Application Security Project. A nonprofit foundation that works to improve the security of software.

Rate Limiting

A technique used to control the number of requests a client can make to an API within a specified time period.

REST

Representational State Transfer. An architectural style for designing networked applications using HTTP methods.

SOAP

Simple Object Access Protocol. A messaging protocol for exchanging structured information using XML.

SQL Injection

A code injection technique that exploits vulnerabilities in data-driven applications by inserting malicious SQL statements into input that the application incorporates into a database query.

SSL/TLS

Secure Sockets Layer / Transport Layer Security. Cryptographic protocols designed to provide secure communication over a network.

WebSocket

A communication protocol that provides full-duplex communication channels over a single TCP connection.

XXE

XML External Entity. A vulnerability that occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser.
