Open Access Open Access  Restricted Access Subscription or Fee Access

Securing API Using API Gateway

Arpita Gangrade, Bhawna Nigam


Like traditional local APIs, web service APIs (web APIs for short) evolve, bringing new and improved functionality as well as insecurities. The Application Programming Interface (API) may be longstanding theory but it’s the one that is going through transformations. Enterprises have a decent impact on the line, including reputation, guideline and the concurrent needs of partners, customers, shareholders, and employees. As driven by cloud and mobile hungers, everyday organizations are opening their information assets to external developers. API publishing must be dealt with excessive care by enterprises. In this paper, we report an approach to provide security to API to address this issue. We analyzed the three popular attack vectors which act as threat to APIs and carefully studied how API Gateway can be used to secure the existing APIs. Our findings are threefold: 1) We examine the major vulnerabilities in an API; 2) We identify the Security solution by the means of API Gateway; 3) We examine the different tools used for API Management, to give Web and IT managers and enterprise architects vital facts and figures for selecting an API Management solution.


API Security, Web Application Security, Web Service API Evolution.

Full Text:



Jun Li, Yingfei Xiong, Xuanzhe Liu, Lu Zhang, “How Does Web Service API Evolution Affect Clients?” 2013 IEEE 20th International Conference on Web Services.

Serkan Özkan, Security Consultant,, The ultimate security vulnerability data source, Vulnerability by Type & Date.

Scott Morrison, CA Technologies, EBook on “Five Simple Strategies for Securing APIs,”

CA Technologies, EBook on “5 Pillars of API management,”

EReport , “The Forrester Wave: API Management Platforms,” February 2013, "2013 Data Breach Investigations Report," [Accessed: Jan. 12, 2014]. (General Internet site)

White paper on “Choosing the Right API Management Solution for the Enterprise User”, Published: 23 Sep 2014, online on link:

White paper on “Protecting Your APIs against Attack and Hijack”, online on:, (General Internet site). - Your Information Portal, online on:

Int. J. Advanced Networking and Applications, 2014, “Building Applications with Social Networking API’s”,

“What is an API”,

Arun Bhattacharya, “Seven Ways to Create an Unbeatable Enterprise Mobility Strategy”, Online on:


CA Technologies E-Report on, “API Security and Threat Protection”, online on:

“Seven Steps to Create an Unbeatable Enterprise Mobility Strategy”,


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.