https://apicoding.com/tags/api-security/ Recent content in API Security on API Coding Hugo en-us Mon, 16 Feb 2026 00:00:00 +0000 https://apicoding.com/2026/02/16/owasp-api-security-top-10-the-vulnerabilities-shipping-in-production-right-now/ Mon, 16 Feb 2026 00:00:00 +0000 https://apicoding.com/2026/02/16/owasp-api-security-top-10-the-vulnerabilities-shipping-in-production-right-now/ <p>The OWASP API Security Top 10 is updated periodically based on analysis of real API vulnerabilities in production systems. The list is not theoretical. The vulnerabilities it documents are the ones that security researchers find in bug bounty programs, that appear in breach disclosures, and that affect applications built by teams that considered security during development. Their persistence on the list across multiple editions reflects the difficulty of eliminating them in complex systems, not a lack of awareness that they exist.</p> https://apicoding.com/2025/10/20/rate-limiting-is-not-optional-and-most-implementations-are-wrong/ Mon, 20 Oct 2025 00:00:00 +0000 https://apicoding.com/2025/10/20/rate-limiting-is-not-optional-and-most-implementations-are-wrong/ <p>Rate limiting is one of the few API design decisions where the failure mode is existential rather than merely inconvenient. An API without rate limiting is an API that can be brought down by a single misbehaving consumer, whether that consumer is a customer with a buggy retry loop, a competitor running a data extraction operation, or an attacker attempting a denial of service. The argument for implementing rate limiting is not about fairness or monetization tiers, though it serves both. It is about operational survival.</p>