API: The Attack Surface That Connects Us All

October 28, 2021

Welcome to Akamai’s State of the Internet / Security (SOTI) report, Volume 7, Issue 4. Whether you’ve been reading this report from the beginning or are a new reader, we welcome you and hope our research provides you with intelligence you don’t see elsewhere.

Did you know the first instance of an application programming interface (API) in the wild was created by on February 7, 2000, according to the API Evangelist blog? What was originally meant as a relatively simple system-to-system communication method has evolved into one of the biggest drivers of internet traffic.

We reached out to Chris Eng, Chief Research Officer at Veracode, to ask him to discuss the growth of APIs and the vulnerabilities they expose organizations to. Chris started in security around the time the first API was written, and because of Veracode’s role in the application security space, he has a deep understanding of the topic. Unsurprisingly, Chris sees significant parallels between the early days of software development and the current state of API traffic.

We believe attacks on APIs are underdetected — and underreported when they are detected — making them one of the biggest threats organizations face. DDoS attacks and ransomware are both major issues, and they’re both in the news today because their impact is so immediate and visible. The attacks on APIs don’t receive the same level of attention, in large part because criminals use APIs in ways that lack the splash of a well-executed ransomware attack.

Our drive to evolve the SOTI report has always been one of our key strengths. We want to continue to push ourselves to bring to the forefront new research and interesting ideas that haven’t been seen before. We plan on using data sources from across a broad spectrum, including the intelligence gathered by partners like Veracode. We look forward to learning more about what’s really happening in the darkness surrounding APIs and sharing the intelligence with you.

Martin McKeay
Editorial Director

Price: FREE

About the Provider

Akamai Technologies
Akamai Technologies, Inc. is an American content delivery network, cybersecurity, and cloud service provider headquartered in Cambridge, Massachusetts, in the United States.


APIs, Application Programming Interfaces, Internet, security