{"id":6290,"date":"2022-11-25T17:32:27","date_gmt":"2022-11-25T17:32:27","guid":{"rendered":"https:\/\/sajinshivdas.com\/security\/?p=6290"},"modified":"2023-03-27T08:31:20","modified_gmt":"2023-03-27T08:31:20","slug":"api-security-checklist","status":"publish","type":"post","link":"https:\/\/sajinshivdas.com\/cybersecurity\/api-security-checklist\/","title":{"rendered":"API Security Checklist"},"content":{"rendered":"[vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/2&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; 
border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]<a href=\"#Authentication\">Authentication<\/a><\/p>\n<p><a href=\"#JWT\">JWT (JSON Web Token)<\/a><\/p>\n<p><a href=\"#Access\">Access<\/a><\/p>\n<p><a href=\"#Authorization OAuth\">Authorization OAuth<\/a><\/p>\n<p><a href=\"#Input\">Input<\/a><\/p>\n<p><a href=\"#Processing\">Processing<\/a><\/p>\n<p><a href=\"#Output\">Output<\/a><\/p>\n<p><a href=\"#CI &amp; CD\">CI &amp; CD<\/a><\/p>\n<p><a href=\"#Monitoring\">Monitoring<\/a>[\/vc_column_text][\/vc_column][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/2&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<h2>API Security Checklist<\/h2>\n[\/vc_column_text][vc_column_text]\n<p><em><strong>Checklist of the most important security countermeasures when designing, testing, and releasing your API.<\/strong><\/em><\/p>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; 
column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Authentication&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][divider line_type=&#8221;No Line&#8221; custom_height=&#8221;10&#8243;][heading]\n<h2>Authentication<\/h2>\n[\/heading][vc_column_text]\n<ul>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Don&#8217;t use <\/span><span lang=\"en-US\" 
style=\"font-family: Calibri; font-size: 11.0pt;\">Basic Auth<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">. Use standard authentication instead (e.g., <\/span><a href=\"https:\/\/jwt.io\/\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">JWT<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">).<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Don&#8217;t reinvent the wheel in <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">Authentication<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">token generation<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">password storage<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">. 
Use the standards.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Use <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">Max Retry<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> and jail features in Login.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Use encryption on all sensitive data.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;JWT&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; 
column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][heading]\n<h2>JWT (JSON Web Token)<\/h2>\n[\/heading][vc_column_text]\n<ul>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Use a random complicated key (<\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">JWT Secret<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">) to make brute forcing the token very hard.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Don&#8217;t extract the algorithm from the header. 
Force the algorithm in the backend (<\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">HS256<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> or <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">RS256<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">).<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Make token expiration (<\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">TTL<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">RTTL<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">) as short as possible.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Don&#8217;t store sensitive data in the JWT payload, it can be decoded <\/span><a href=\"https:\/\/jwt.io\/#debugger-io\"><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">easily<\/span><\/a><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Avoid storing too much data. 
JWT is usually shared in headers and they have a size limit.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Access&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][heading]\n<h2>Access<\/h2>\n[\/heading][vc_column_text]\n<ul>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: 
middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Limit requests (Throttling) to avoid DDoS \/ brute-force attacks.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Use HTTPS on server side with TLS 1.2+ and secure ciphers to avoid MITM (Man in the Middle Attack).<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Use <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">HSTS<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> header with SSL to avoid SSL Strip attacks.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Turn off directory listings.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">For private APIs, allow access only from whitelisted IPs\/hosts.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Authorization OAuth&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; 
column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][heading]\n<h2>Authorization OAuth<\/h2>\n[\/heading][vc_column_text]\n<ul>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Always validate <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">redirect_uri<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> server-side to allow only whitelisted URLs.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Always try to exchange for code and not tokens (don&#8217;t allow <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">response_type=token<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">).<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Use 
<\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">state<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> parameter with a random hash to prevent CSRF on the OAuth authorization process.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Define the default scope, and validate scope parameters for each application.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Input&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; 
overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][heading]\n<h2>Input<\/h2>\n[\/heading][vc_column_text]\n<ul>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Use the proper HTTP method according to the operation: <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">GET (read)<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">POST (create)<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">PUT\/PATCH (replace\/update)<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, and <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">DELETE (to delete a record)<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, and respond with <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">405 Method Not Allowed<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> if the requested method isn&#8217;t appropriate for the requested resource.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Validate <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">content-type<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> on request Accept header (Content Negotiation) to allow only your supported format (e.g., 
<\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">application\/xml<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">application\/json<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, etc.) and respond with <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">406 Not Acceptable<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> response if not matched.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Validate <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">content-type<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> of posted data as you accept (e.g., <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">application\/x-www-form-urlencoded<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">multipart\/form-data<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">application\/json<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, etc.).<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Validate user input to avoid common vulnerabilities (e.g., <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">XSS<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 
11.0pt;\">SQL-Injection<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">Remote Code Execution<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, etc.).<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Don&#8217;t use any sensitive data (<\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">credentials<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">Passwords<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">security tokens<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, or <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">API keys<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">) in the URL, but use standard Authorization header.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Use only server-side encryption.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Use an API Gateway service to enable caching, Rate Limit policies (e.g., <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">Quota<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">Spike Arrest<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, or <\/span><span 
lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">Concurrent Rate Limit<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">) and deploy API resources dynamically.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Processing&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; 
column_border_style=&#8221;solid&#8221;][heading]\n<h2>Processing<\/h2>\n[\/heading][vc_column_text]\n<ul>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Check that all endpoints are protected behind authentication to avoid a broken authentication process.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Avoid using the user&#8217;s own resource ID in URLs. Use <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">\/me\/orders<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> instead of <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">\/user\/654321\/orders<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Don&#8217;t auto-increment IDs. 
Use <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">UUID<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> instead.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">If you are parsing XML data, make sure entity parsing is not enabled to avoid <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">XXE<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> (XML external entity attack).<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">If you are parsing XML, YAML or any other language with anchors and refs, make sure entity expansion is not enabled to avoid a <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">Billion Laughs\/XML bomb<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> via an exponential entity expansion attack.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Use a CDN for file uploads.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">If you are dealing with a huge amount of data, use Workers and Queues to process as much as possible in the background and return a response quickly to avoid HTTP blocking.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Do not forget to turn the DEBUG mode OFF.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Use non-executable stacks when 
available.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Output&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][heading]\n<h2>Output<\/h2>\n[\/heading][vc_column_text]\n<ul>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: 
Calibri; font-size: 11.0pt;\">Send <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">X-Content-Type-Options: nosniff<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> header.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Send <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">X-Frame-Options: deny<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> header.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Send <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">Content-Security-Policy: default-src &#8216;none&#8217;<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> header.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Remove fingerprinting headers &#8211; <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">X-Powered-By<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">Server<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">X-AspNet-Version<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, etc.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Force <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">content-type<\/span><span lang=\"en-AE\" 
style=\"font-family: Calibri; font-size: 11.0pt;\"> for your response. If you return <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">application\/json<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, then your <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">content-type<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\"> response is <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">application\/json<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Don&#8217;t return sensitive data like <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">credentials<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">passwords<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, or <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">security tokens<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">Return the proper status code according to the operation completed. 
(e.g., <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">200 OK<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">400 Bad Request<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">401 Unauthorized<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, <\/span><span lang=\"en-US\" style=\"font-family: Calibri; font-size: 11.0pt;\">405 Method Not Allowed<\/span><span lang=\"en-AE\" style=\"font-family: Calibri; font-size: 11.0pt;\">, etc.).<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;CI &amp; CD&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; 
background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][heading]\n<h2>CI &amp; CD<\/h2>\n[\/heading][vc_column_text]\n<ul>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Audit your design and implementation with unit\/integration test coverage.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Use a code review process and do not allow self-approval: the author of a change must not be the one who approves it.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Ensure that all components of your services are statically scanned by AV software before pushing to production, including vendor libraries and other dependencies.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Continuously run security tests (static\/dynamic analysis) on your code.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Check your dependencies (both software and OS) for known vulnerabilities, pin them to exact versions with a lockfile, and re-scan on a schedule rather than only at build time.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Design a rollback solution for 
deployments.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; id=&#8221;Monitoring&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221; gradient_type=&#8221;default&#8221; shape_type=&#8221;&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][heading]\n<h2>Monitoring<\/h2>\n[\/heading][vc_column_text]\n<ul>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; 
font-size: 11.0pt;\">Use centralized logging for all services and components, so that events from every component can be correlated in one place.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Use agents to monitor all traffic, errors, requests, and responses.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Send alerts via SMS, Slack, Email, Telegram, Kibana, Cloudwatch, etc.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Ensure that you aren&#8217;t logging any sensitive data like credit cards, passwords, PINs, session identifiers, API keys or authentication tokens.<\/span><\/li>\n<li style=\"margin-top: 0; margin-bottom: 0; vertical-align: middle;\"><span style=\"font-family: Calibri; font-size: 11.0pt;\">Use an IDS and\/or IPS system to monitor your API requests and instances.<\/span><\/li>\n<\/ul>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; 
tablet_text_alignment=&#8221;default&#8221; phone_text_alignment=&#8221;default&#8221; background_color_opacity=&#8221;1&#8243; background_hover_color_opacity=&#8221;1&#8243; column_backdrop_filter=&#8221;none&#8221; column_shadow=&#8221;none&#8221; column_border_radius=&#8221;none&#8221; column_link_target=&#8221;_self&#8221; column_position=&#8221;default&#8221; gradient_direction=&#8221;left_to_right&#8221; overlay_strength=&#8221;0.3&#8243; width=&#8221;1\/1&#8243; tablet_width_inherit=&#8221;default&#8221; animation_type=&#8221;default&#8221; bg_image_animation=&#8221;none&#8221; border_type=&#8221;simple&#8221; column_border_width=&#8221;none&#8221; column_border_style=&#8221;solid&#8221;][vc_column_text]\n<p><em>NOTE: Special Thanks to <span class=\"author flex-self-stretch\"> <a class=\"url fn\" href=\"https:\/\/github.com\/shieldfy\" rel=\"author\" data-hovercard-type=\"organization\" data-hovercard-url=\"\/orgs\/shieldfy\/hovercard\" data-octo-click=\"hovercard-link-click\" data-octo-dimensions=\"link_type:self\">shieldfy<\/a>\u00a0 <\/span>for the API Security Checklist<\/em><\/p>\n[\/vc_column_text][\/vc_column][\/vc_row]\n","protected":false},"excerpt":{"rendered":"<p>[vc_row type=&#8221;in_container&#8221; full_screen_row_position=&#8221;middle&#8221; column_margin=&#8221;default&#8221; column_direction=&#8221;default&#8221; column_direction_tablet=&#8221;default&#8221; column_direction_phone=&#8221;default&#8221; scene_position=&#8221;center&#8221; text_color=&#8221;dark&#8221; text_align=&#8221;left&#8221; row_border_radius=&#8221;none&#8221; row_border_radius_applies=&#8221;bg&#8221; overflow=&#8221;visible&#8221; overlay_strength=&#8221;0.3&#8243; gradient_direction=&#8221;left_to_right&#8221; shape_divider_position=&#8221;bottom&#8221; bg_image_animation=&#8221;none&#8221;][vc_column column_padding=&#8221;no-extra-padding&#8221; column_padding_tablet=&#8221;inherit&#8221; column_padding_phone=&#8221;inherit&#8221; 
column_padding_position=&#8221;all&#8221; column_element_direction_desktop=&#8221;default&#8221; column_element_spacing=&#8221;default&#8221; desktop_text_alignment=&#8221;default&#8221; tablet_text_alignment=&#8221;default&#8221;&#8230;<\/p>\n","protected":false},"author":1,"featured_media":6298,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26,4],"tags":[43,30],"class_list":{"0":"post-6290","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-audit-and-complaince","8":"category-cyber-security","9":"tag-checklist","10":"tag-cyber-security"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>API Security Checklist - Sajin Shivdas | Cybersecurity<\/title>\n<meta name=\"description\" content=\"Authentication JWT (JSON Web Token) Access Authorization OAuth Input Processing Output CI &amp; CD Monitoring API Security Checklist Checklist of the most\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sajinshivdas.com\/cybersecurity\/api-security-checklist\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"API Security Checklist - Sajin Shivdas | Cybersecurity\" \/>\n<meta property=\"og:description\" content=\"Authentication JWT (JSON Web Token) Access Authorization OAuth Input Processing Output CI &amp; CD Monitoring API Security Checklist Checklist of the most\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sajinshivdas.com\/cybersecurity\/api-security-checklist\/\" \/>\n<meta property=\"og:site_name\" content=\"Sajin Shivdas | Cybersecurity\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-25T17:32:27+00:00\" 
\/>\n<meta property=\"article:modified_time\" content=\"2023-03-27T08:31:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2022\/11\/25561272_7044158.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2000\" \/>\n\t<meta property=\"og:image:height\" content=\"2000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Sajin Shivdas\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sajin Shivdas\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"14 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/api-security-checklist\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/api-security-checklist\\\/\"},\"author\":{\"name\":\"Sajin Shivdas\",\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/#\\\/schema\\\/person\\\/af1d121cbedd3ce64369f21a359ff2e6\"},\"headline\":\"API Security Checklist\",\"datePublished\":\"2022-11-25T17:32:27+00:00\",\"dateModified\":\"2023-03-27T08:31:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/api-security-checklist\\\/\"},\"wordCount\":2734,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/#\\\/schema\\\/person\\\/af1d121cbedd3ce64369f21a359ff2e6\"},\"image\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/api-security-checklist\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2022\\\/11\\\/25561272_7044158.jpg\",\"keywords\":[\"Checklist\",\"Cyber Security\"],\"articleSection\":[\"Audit and 
Complaince\",\"Cyber Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/api-security-checklist\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/api-security-checklist\\\/\",\"url\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/api-security-checklist\\\/\",\"name\":\"API Security Checklist - Sajin Shivdas | Cybersecurity\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/api-security-checklist\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/api-security-checklist\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2022\\\/11\\\/25561272_7044158.jpg\",\"datePublished\":\"2022-11-25T17:32:27+00:00\",\"dateModified\":\"2023-03-27T08:31:20+00:00\",\"description\":\"Authentication JWT (JSON Web Token) Access Authorization OAuth Input Processing Output CI &amp; CD Monitoring API Security Checklist Checklist of the 
most\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/api-security-checklist\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/api-security-checklist\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/api-security-checklist\\\/#primaryimage\",\"url\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2022\\\/11\\\/25561272_7044158.jpg\",\"contentUrl\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2022\\\/11\\\/25561272_7044158.jpg\",\"width\":2000,\"height\":2000},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/api-security-checklist\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"API Security Checklist\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/#website\",\"url\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/\",\"name\":\"sajinshivdas.com\",\"description\":\"Cybersecurity - Information security Resources, Articles and Latest News\",\"publisher\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/#\\\/schema\\\/person\\\/af1d121cbedd3ce64369f21a359ff2e6\"},\"alternateName\":\"Sajin 
Shivdas\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/#\\\/schema\\\/person\\\/af1d121cbedd3ce64369f21a359ff2e6\",\"name\":\"Sajin Shivdas\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png\",\"url\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png\",\"contentUrl\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png\",\"width\":1000,\"height\":500,\"caption\":\"Sajin Shivdas\"},\"logo\":{\"@id\":\"https:\\\/\\\/sajinshivdas.com\\\/cybersecurity\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png\"},\"sameAs\":[\"http:\\\/\\\/sajinshivdas.com\\\/security\",\"www.linkedin.com\\\/in\\\/sajin-shivdas\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"API Security Checklist - Sajin Shivdas | Cybersecurity","description":"Authentication JWT (JSON Web Token) Access Authorization OAuth Input Processing Output CI &amp; CD Monitoring API Security Checklist Checklist of the most","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sajinshivdas.com\/cybersecurity\/api-security-checklist\/","og_locale":"en_US","og_type":"article","og_title":"API Security Checklist - Sajin Shivdas | Cybersecurity","og_description":"Authentication JWT (JSON Web Token) Access Authorization OAuth Input Processing Output CI &amp; CD Monitoring API Security Checklist Checklist of the most","og_url":"https:\/\/sajinshivdas.com\/cybersecurity\/api-security-checklist\/","og_site_name":"Sajin Shivdas | Cybersecurity","article_published_time":"2022-11-25T17:32:27+00:00","article_modified_time":"2023-03-27T08:31:20+00:00","og_image":[{"width":2000,"height":2000,"url":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2022\/11\/25561272_7044158.jpg","type":"image\/jpeg"}],"author":"Sajin Shivdas","twitter_misc":{"Written by":"Sajin Shivdas","Est. 
reading time":"14 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/api-security-checklist\/#article","isPartOf":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/api-security-checklist\/"},"author":{"name":"Sajin Shivdas","@id":"https:\/\/sajinshivdas.com\/cybersecurity\/#\/schema\/person\/af1d121cbedd3ce64369f21a359ff2e6"},"headline":"API Security Checklist","datePublished":"2022-11-25T17:32:27+00:00","dateModified":"2023-03-27T08:31:20+00:00","mainEntityOfPage":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/api-security-checklist\/"},"wordCount":2734,"commentCount":0,"publisher":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/#\/schema\/person\/af1d121cbedd3ce64369f21a359ff2e6"},"image":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/api-security-checklist\/#primaryimage"},"thumbnailUrl":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2022\/11\/25561272_7044158.jpg","keywords":["Checklist","Cyber Security"],"articleSection":["Audit and Complaince","Cyber Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/sajinshivdas.com\/cybersecurity\/api-security-checklist\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/sajinshivdas.com\/cybersecurity\/api-security-checklist\/","url":"https:\/\/sajinshivdas.com\/cybersecurity\/api-security-checklist\/","name":"API Security Checklist - Sajin Shivdas | 
Cybersecurity","isPartOf":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/api-security-checklist\/#primaryimage"},"image":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/api-security-checklist\/#primaryimage"},"thumbnailUrl":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2022\/11\/25561272_7044158.jpg","datePublished":"2022-11-25T17:32:27+00:00","dateModified":"2023-03-27T08:31:20+00:00","description":"Authentication JWT (JSON Web Token) Access Authorization OAuth Input Processing Output CI &amp; CD Monitoring API Security Checklist Checklist of the most","breadcrumb":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/api-security-checklist\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sajinshivdas.com\/cybersecurity\/api-security-checklist\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sajinshivdas.com\/cybersecurity\/api-security-checklist\/#primaryimage","url":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2022\/11\/25561272_7044158.jpg","contentUrl":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2022\/11\/25561272_7044158.jpg","width":2000,"height":2000},{"@type":"BreadcrumbList","@id":"https:\/\/sajinshivdas.com\/cybersecurity\/api-security-checklist\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sajinshivdas.com\/cybersecurity\/"},{"@type":"ListItem","position":2,"name":"API Security Checklist"}]},{"@type":"WebSite","@id":"https:\/\/sajinshivdas.com\/cybersecurity\/#website","url":"https:\/\/sajinshivdas.com\/cybersecurity\/","name":"sajinshivdas.com","description":"Cybersecurity - Information security Resources, Articles and Latest News","publisher":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/#\/schema\/person\/af1d121cbedd3ce64369f21a359ff2e6"},"alternateName":"Sajin 
Shivdas","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sajinshivdas.com\/cybersecurity\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/#\/schema\/person\/af1d121cbedd3ce64369f21a359ff2e6","name":"Sajin Shivdas","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2023\/01\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png","url":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2023\/01\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png","contentUrl":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2023\/01\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png","width":1000,"height":500,"caption":"Sajin Shivdas"},"logo":{"@id":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-content\/uploads\/2023\/01\/5dbd4f42-9550-4c99-82e9-34f3c99a2253.png"},"sameAs":["http:\/\/sajinshivdas.com\/security","www.linkedin.com\/in\/sajin-shivdas"]}]}},"_links":{"self":[{"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/posts\/6290","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/comments?post=6290"}],"version-history":[{"count":0,"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/posts\/6290\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/media\/6298"}],"wp:attachment":[{"href":"https:\/\/sajinsh
ivdas.com\/cybersecurity\/wp-json\/wp\/v2\/media?parent=6290"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/categories?post=6290"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajinshivdas.com\/cybersecurity\/wp-json\/wp\/v2\/tags?post=6290"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}