Require that OWASP API security top ten has been applied as part of API security.
OWASP
Strategies
API Data Is Classified and Protected
All data exposed through APIs must be classified by sensitivity level, with appropriate protections applied based on classification, ensuring that PII, financial data, and other sensitive informati...
Lifecycle
security Security Production
Security runs through every stop on this lifecycle, but it also deserves its own attention. OWASP alignment, vulnerability scanning, and defense in depth protect both the provider and the consumer....