Chandramouli, R.
and Butcher, Z.
(2025),
Guidelines for API Protection for Cloud-Native Systems, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-228, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=960213
(Accessed June 30, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Guidelines for API Protection for Cloud-Native Systems
Published
Author(s)
, Zack Butcher
Abstract
Modern enterprise IT systems rely on a family of application programming interfaces (APIs) for integration to support organizational business processes. Hence, a secure deployment of APIs is critical for overall enterprise security. This, in turn, requires the identification of risk factors or vulnerabilities in various phases of the API life cycle and the development of controls or protection measures. This document addresses the following aspects of achieving that goal: (a) the identification and analysis of risk factors or vulnerabilities during various activities of API development and runtime, (b) recommended basic and advanced controls and protection measures during the pre-runtime and runtime stages of APIs, and (c) an analysis of the advantages and disadvantages of various implementation options for those controls to enable security practitioners to adopt an incremental, risk-based approach to securing their APIs.Citation
Special Publication (NIST SP) - 800-228
Report Number
800-228
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
API, API endpoint, API gateway, API key, API schema, web application firewall.
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created June 27, 2025