API

This is the abbreviation for Application Programming Interface, which literally translates as ‘interface for programming applications’. In German, the term ‘Programmschnittstelle’ is generally used. Such an interface enables two programmes to communicate with one another.

What exactly does API stand for?

Information is exchanged via an API, an interface. This can include data or commands, for example. Communication via an API takes place at the source code level, i.e. in a programming language.
APIs enable access to a database or a hard drive, for example. APIs are used to transfer data from one system to another. Data is exchanged between your smartphone and an IoT device, such as a fitness tracker, via APIs.
APIs are also used for data exchange on the internet. For example, when you visit a website, your web browser connects to its server via an API. This server sends the website’s data to your browser via an API.
APIs are relevant in several ways when it comes to your company’s cybersecurity:

• As interfaces to your system, APIs potentially provide access to company data. These interfaces must therefore be secured against unauthorised access.
• Programmes receive commands via APIs. Securing APIs also reduces the risk of programmes being remotely controlled by cybercriminals.
• Data exchanged between APIs can be encrypted or unencrypted. Encrypted data cannot be read by unauthorised third parties, even if they manage to intercept or eavesdrop on it during transmission.
• Cybercriminals attempt to manipulate APIs through a wide variety of attack vectors. In addition to specific security measures for the APIs, it is therefore important to reduce your overall cyber risk.

Wo begegne ich diesem Problem in meiner täglichen Arbeit?

• You come across it almost constantly without even realising it. For example:
• As soon as you use a programme that isn’t produced by the manufacturer of your operating system. APIs make it possible to integrate programmes such as Adobe Acrobat into a Windows operating system.
• When you import data from one programme to another, for example from a till system into a report.

What can I do to improve my security?

Consult experts to review and optimise the security of your system’s APIs. Given the wide variety of APIs, different measures are recommended. Here are a few examples:

• Strict authentication processes that are as secure as possible
• Encryption of data transmissions
• Monitoring of requests and data traffic
• Route all API traffic through a so-called API gateway

Attacks on APIs can take a wide variety of forms. For example, they can occur via email through malware hidden in an attachment, via keyloggers, through social engineering, or via a workstation left unattended for a short period. Consequently, virtually all measures taken to reduce your cyber risk also serve to protect your APIs. Raising awareness among your staff plays a key role in this regard.