DEV Community

Discussion on: We Need To Talk About API Security

Nathan Kallman

Yes! Too many developers see web APIs as another interface between areas of the code little different to a function call or an object.

A Web API doesn't support the front-end, it is the front-end (at least when it comes to security and logical control).

We must assume that if it can be done, at some point it will be done... if something is behaviorally important, the mechanisms of the API should actually enforce the behavior, not just allow the behavior.

Adam Nathaniel Davis

Exactly!