
API Security

API Security Triad

  1. Confidentiality — Data and resources can be read only by the principals authorized to see them.
  2. Integrity — Information cannot be created, modified, or deleted without authorization, and unauthorized changes are detectable.
  3. Availability — Legitimate users can reach the API and its resources when they need them.

Threat Modeling

Threat modeling is the process of identifying and evaluating the threats to, and weaknesses in, a system. Working through the potential threats systematically, before they are discovered in production, lets the security controls of an API be chosen to match its actual risks rather than added ad hoc.

STRIDE — Threat categories:

  1. Spoofing — Pretending to be another user, service, or host (violates authentication).
  2. Tampering — Unauthorized modification of data in transit or at rest (violates integrity).
  3. Repudiation — Denying having performed an action, with no evidence to prove otherwise (violates non-repudiation).
  4. Information Disclosure — Exposing data to parties not authorized to see it (violates confidentiality).
  5. Denial of Service — Making the API unusable for legitimate users (violates availability).
  6. Elevation of Privilege — Gaining capabilities beyond what the caller was granted (violates authorization).

Security Mechanisms

  1. Encryption — Protects data in transit (TLS) and at rest against disclosure and tampering.
  2. Authentication — Establishes who the caller is, countering spoofing.
  3. Access Control & Authorization — Decides what an authenticated caller may do, countering elevation of privilege.
  4. Audit Logging — Records who did what and when, countering repudiation and supporting incident response.
  5. Rate Limiting — Bounds how much load any one caller can impose, countering denial of service and brute-force attempts.
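Added example, not code from the original article: a framework-free Python request pipeline that applies four of the mechanisms listed above in order (authentication, rate limiting, authorization, audit logging) to each call. Encryption is assumed to be handled by TLS at the transport and is not modelled. The signing secret, the user and role table, the routes, and the token format `user.expiry.mac` are all constructed for illustration.

```python
"""Added example (not from the original article): a framework-free API request
pipeline showing authentication, authorization, audit logging and rate limiting.
Encryption is left to the transport (TLS) and is not modelled here. All names,
secrets, users and routes below are constructed for illustration."""
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Tuple

SECRET = b"demo-shared-secret-do-not-use"                   # hypothetical signing key
USERS = {"alice": {"reader", "writer"}, "bob": {"reader"}}  # user -> roles (constructed)
# (method, path) -> role required; routes not listed are denied by default
PERMISSIONS = {("GET", "/orders"): "reader", ("POST", "/orders"): "writer"}
AUDIT_LOG: List[Dict] = []                                  # stand-in for an append-only sink


def mint_token(user: str, expires_at: int) -> str:
    """Issue a token 'user.expiry.mac' whose HMAC covers both user and expiry."""
    payload = f"{user}.{expires_at}".encode()
    mac = hmac.new(SECRET, payload, hashlib.sha256).hexdigest()
    return f"{user}.{expires_at}.{mac}"


def authenticate(token: Optional[str], now: int) -> Optional[str]:
    """Authentication: return the user name only for an unexpired token with a valid MAC."""
    if not token:
        return None
    parts = token.split(".")
    if len(parts) != 3 or not parts[1].isdigit():
        return None
    user, exp, mac = parts
    if int(exp) < now:
        return None
    expected = hmac.new(SECRET, f"{user}.{exp}".encode(), hashlib.sha256).hexdigest()
    # constant-time comparison so the MAC check leaks nothing through timing
    if not hmac.compare_digest(expected, mac):
        return None
    return user if user in USERS else None


def authorize(user: str, method: str, path: str) -> bool:
    """Authorization: the authenticated user must hold the role the route requires."""
    required = PERMISSIONS.get((method, path))
    return required is not None and required in USERS[user]


class TokenBucket:
    """Rate limiting: per-key token bucket, `capacity` tokens refilled at `rate` per second."""

    def __init__(self, capacity: float, rate: float) -> None:
        self.capacity, self.rate = capacity, rate
        self.buckets: Dict[str, Tuple[float, float]] = {}  # key -> (tokens, last_seen)

    def allow(self, key: str, now: float) -> bool:
        tokens, last = self.buckets.get(key, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.buckets[key] = (tokens - 1 if allowed else tokens, now)
        return allowed


def audit(event: str, now: int, **fields) -> None:
    """Audit logging: one structured record per security-relevant decision."""
    AUDIT_LOG.append({"ts": now, "event": event, **fields})
    # a real service would write json.dumps(record) to an append-only, tamper-evident store


def handle(method: str, path: str, token: Optional[str], now: int,
           limiter: TokenBucket) -> Tuple[int, str]:
    """Run one request through the mechanisms in order and return (status, body)."""
    user = authenticate(token, now)
    if user is None:
        audit("auth_failure", now, method=method, path=path)
        return 401, "unauthorized"
    if not limiter.allow(user, now):            # per-user limit once identity is known
        audit("rate_limited", now, user=user, method=method, path=path)
        return 429, "too many requests"
    if not authorize(user, method, path):
        audit("authz_denied", now, user=user, method=method, path=path)
        return 403, "forbidden"
    audit("request_ok", now, user=user, method=method, path=path)
    return 200, f"{method} {path} handled for {user}"


if __name__ == "__main__":
    now = 1_700_000_000
    limiter = TokenBucket(capacity=3, rate=1.0)
    alice, bob = mint_token("alice", now + 3600), mint_token("bob", now + 3600)
    print(handle("POST", "/orders", alice, now, limiter))        # 200
    print(handle("POST", "/orders", bob, now, limiter))          # 403: bob lacks 'writer'
    print(handle("GET", "/orders", alice + "x", now, limiter))   # 401: MAC no longer matches
    for _ in range(4):                                           # alice spent one token above,
        print(handle("GET", "/orders", alice, now, limiter))     # so calls 3 and 4 get 429
    for record in AUDIT_LOG:
        print(json.dumps(record))
```

The order matters: the limiter keys on the authenticated user, so it cannot be applied before authentication here; a production deployment also rate-limits unauthenticated traffic per client address so that the authentication step itself cannot be brute-forced or flooded. Unknown routes fall through to a deny in `authorize`, and every denied branch writes an audit record, so a spoofed or tampered token shows up as `auth_failure` rather than silently disappearing.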

This article is licensed by the author under CC BY 4.0.