Require that every API validates all incoming data against its schema before acting on it, so I want types, formats, lengths, ranges, and required fields checked at the edge and anything that does not conform rejected with a clear error. I am unbending on this because untrusted input is the root of a huge share of API breaches, from injection to overflow to malformed payloads that crash a handler, and the client cannot be trusted to send you clean data no matter how nicely you documented it. Validating against your OpenAPI schema turns your contract into a working defense rather than a suggestion. Reject early, reject clearly, and never let unvalidated data reach your business logic or datastore.
Input Validation (Security)
Strategies
API Data Is Classified and Protected
All data exposed through APIs must be classified by sensitivity level, with appropriate protections applied based on classification, ensuring that PII, financial data, and other sensitive informati...
Experiences
Security
API security is a top priority for any enterprise, with even higher standards for externally available APIs. However, security doesn’t end with the APIs an enterprise produces—it also applies to co...
Quality
The quality of HTTP APIs powering an enterprise tends to decline as the number of ungoverned APIs grows across internal, partner, and public landscapes. Low-quality APIs lead to poor downstream exp...
Trust
Establish trust with API consumers will evolve and build over time, and is something that can be lost in a very short period of time. Trust will depend on other experiences like quality and reliabi...
Lifecycle
checklist Testing Beta
Testing is how I know the API does what the contract says. Contract testing, integration testing, and validation against the definition keep implementation and documentation honest with each other....
security Security Production
Security runs through every stop on this lifecycle, but it also deserves its own attention. OWASP alignment, vulnerability scanning, and defense in depth protect both the provider and the consumer....
balance Governance Production
Governance is how everything on this lifecycle stays aligned as an operation scales. Policies, rules, and standards applied consistently across teams are what keep APIs coherent without slowing eve...