API Security: More than just a throttling policy
API Management promises a nirvana of exposing data using well-known and simple techniques. Vendors focus on how easy it is to create the APIs and nearly always mention security as part of the API Lifecycle. Yet, we've all seen the headlines screaming the latest security breach so, what does Security really mean when it comes to API Management? In this post I try to differentiate the basic policies that all vendors discuss from the many other attack vectors that we need to be aware of.