Guides · Engineering
API Security Checklist Basics
Quick API security checklist
This guide is a concise security checklist for APIs: authentication, authorization, input validation, rate limiting, logging, secrets handling, and dependency updates.
- api security
- authz
- input validation
- rate limits
- secrets
Auth and authz
Require authentication on every endpoint that is not deliberately public, not only on modifying ones; read endpoints leak data too. Enforce authorization per request and per object (is this caller allowed to touch this particular record?), using least-privilege scopes; a valid token is not a grant by itself.
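The object-level check is the one most often missed: a token with the right scope still must not read or cancel someone else's order. The following is an added example, not code from the original guide; the endpoint names, claim shape, scopes and the in-memory ORDERS table are assumptions for illustration.

```python
"""Added example (not from the original guide): scope plus object-level
authorization for a hypothetical /orders/{id} endpoint. Claims, scope names
and the ORDERS table are assumptions for illustration."""
from dataclasses import dataclass, field

# Constructed sample data standing in for a database.
ORDERS = {
    "o-1": {"owner": "alice", "total": 42},
    "o-2": {"owner": "bob", "total": 99},
}


@dataclass
class Claims:
    """What the verified token tells us about the caller (assumed shape)."""
    sub: str
    scopes: set = field(default_factory=set)


class AuthzError(Exception):
    """Raised for any denied request; the framework maps it to 401/403/404."""


def require_scope(claims, scope):
    """Authentication first (401), then the coarse scope check (403)."""
    if claims is None:
        raise AuthzError("401 unauthenticated")
    if scope not in claims.scopes:
        raise AuthzError(f"403 missing scope {scope}")


def load_owned_order(claims, order_id):
    """Object-level check. The same 404 is returned for a missing order and
    for someone else's order, so IDs cannot be enumerated by status code."""
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != claims.sub:
        raise AuthzError("404 not found")
    return order


def get_order(claims, order_id):
    """GET /orders/{id}: a read still needs auth and the ownership check."""
    require_scope(claims, "orders:read")
    return load_owned_order(claims, order_id)


def cancel_order(claims, order_id):
    """DELETE /orders/{id}: a separate, narrower scope for modification."""
    require_scope(claims, "orders:write")
    order = load_owned_order(claims, order_id)
    order["cancelled"] = True
    return order


def check(fn, claims, order_id):
    """Demonstration helper: return the decision as a string instead of raising."""
    try:
        fn(claims, order_id)
        return "allowed"
    except AuthzError as e:
        return str(e)


if __name__ == "__main__":
    alice = Claims("alice", {"orders:read"})
    print(check(get_order, alice, "o-1"))      # allowed
    print(check(get_order, alice, "o-2"))      # 404 not found (bob's order)
    print(check(cancel_order, alice, "o-1"))   # 403 missing scope orders:write
```

Both the scope check and the ownership check run on every request; neither replaces the other, and the ownership failure deliberately looks identical to a missing record.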
Validate inputs
Validate parameters, headers, and payloads against an allow-list (type, length, range, format) and reject anything that fails rather than trying to sanitize it into shape; reject unknown fields; enforce body and field size limits before parsing, not after.
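As an added example (not code from the original guide), here is allow-list validation of a JSON body for a hypothetical POST /users endpoint: the raw size is checked before the parser runs, unknown keys are rejected instead of dropped, and each field has an explicit type and range. The field names and limits are assumptions.

```python
"""Added example (not from the original guide): allow-list validation of a
JSON request body for a hypothetical POST /users endpoint. Field names,
limits and the username format are assumptions."""
import json
import re

MAX_BODY_BYTES = 4096                       # checked before parsing
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")  # used with fullmatch: '$' alone
                                            # would accept a trailing newline
ALLOWED_FIELDS = {"username", "display_name", "age"}


class ValidationError(ValueError):
    pass


def validate_create_user(raw: bytes) -> dict:
    # 1. Bound the raw body first; it is cheap and limits parser work.
    if len(raw) > MAX_BODY_BYTES:
        raise ValidationError("body too large")
    # 2. Parse strictly; anything but a JSON object at the top level is rejected.
    try:
        body = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        raise ValidationError("malformed JSON")
    if not isinstance(body, dict):
        raise ValidationError("expected JSON object")
    # 3. Unknown keys are an error (mass-assignment defence), not silently ignored.
    extra = set(body) - ALLOWED_FIELDS
    if extra:
        raise ValidationError(f"unexpected fields: {sorted(extra)}")
    # 4. Per-field type, length, range and format checks.
    username = body.get("username")
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        raise ValidationError("invalid username")
    display = body.get("display_name", "")
    if (not isinstance(display, str) or len(display) > 64
            or any(ord(c) < 32 for c in display)):      # no control characters
        raise ValidationError("invalid display_name")
    age = body.get("age")
    # bool is a subclass of int in Python, so True would pass a plain int check.
    if age is not None and (isinstance(age, bool) or not isinstance(age, int)
                            or not 0 <= age <= 150):
        raise ValidationError("invalid age")
    # 5. Hand the caller only the validated, normalized view of the input.
    return {"username": username, "display_name": display.strip(), "age": age}


def try_validate(raw: bytes):
    """Demonstration helper: the error message, or None when the body is valid."""
    try:
        validate_create_user(raw)
        return None
    except ValidationError as e:
        return str(e)


if __name__ == "__main__":
    # Constructed sample bodies.
    print(try_validate(b'{"username": "alice", "age": 30}'))             # None
    print(try_validate(b'{"username": "alice", "is_admin": true}'))      # unexpected fields
    print(try_validate(b'{"username": "alice\\n"}'))                     # invalid username
```

Note the two Python-specific traps the code works around: `$` in a regex matches before a trailing newline (so `fullmatch` is used), and `True` is an `int`.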
Protect resources
Rate-limit per client (and more tightly on expensive or authentication endpoints), cap upload size and bandwidth, and verify uploaded file types from the file content, never from the extension or the client-supplied Content-Type header.
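An added example (not from the original guide) of both controls: a per-client token bucket, and an upload check that sizes the body first and then identifies the type from magic bytes, rejecting files whose content disagrees with the declared type. The bucket parameters, size cap and signature table are assumptions; a production service would keep the buckets in shared storage rather than process memory.

```python
"""Added example (not from the original guide): per-client token-bucket
rate limiting plus content-based upload type checks. Limits and the
signature table are assumptions for illustration."""
import time


class TokenBucket:
    """Each client may burst up to `capacity` requests; tokens refill at
    `rate` per second. `clock` is injectable so the behaviour is testable."""

    def __init__(self, capacity, rate, clock=time.monotonic):
        self.capacity, self.rate, self.clock = capacity, rate, clock
        self._buckets = {}          # client -> (tokens, last_refill_time)

    def allow(self, client) -> bool:
        now = self.clock()
        tokens, last = self._buckets.get(client, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        if tokens >= 1:
            self._buckets[client] = (tokens - 1, now)
            return True
        self._buckets[client] = (tokens, now)
        return False


MAX_UPLOAD_BYTES = 5 * 1024 * 1024

# Leading bytes of a few common formats (constructed allow-list).
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"%PDF-": "application/pdf",
}


def sniff_type(data: bytes):
    """Identify the type from content; None if no known signature matches."""
    for magic, mime in SIGNATURES.items():
        if data.startswith(magic):
            return mime
    return None


def check_upload(data: bytes, declared_type: str,
                 allowed=("image/png", "image/jpeg")) -> str:
    """Size cap first, then content sniffing; the declared Content-Type is
    only compared against what the bytes say, never trusted on its own."""
    if len(data) > MAX_UPLOAD_BYTES:
        return "rejected: too large"
    actual = sniff_type(data)
    if actual is None or actual not in allowed:
        return "rejected: unsupported type"
    if actual != declared_type:
        return "rejected: content does not match declared type"
    return f"accepted: {actual}"


if __name__ == "__main__":
    bucket = TokenBucket(capacity=3, rate=1.0)
    print([bucket.allow("10.0.0.1") for _ in range(4)])   # [True, True, True, False]
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16             # constructed PNG header
    print(check_upload(png, "image/png"))                  # accepted: image/png
    print(check_upload(b"<?php echo 1; ?>", "image/png"))  # rejected: unsupported type
```

A real deployment would also re-encode images and store uploads outside the web root under server-generated names, but the two checks above are the minimum that stops a script with a `.png` extension from being accepted on the strength of its header.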
Hygiene and updates
Rotate secrets on a schedule and immediately after any suspected exposure, keeping the previous key verify-only for a grace period so rotation does not break clients; pin dependencies to exact versions (with hashes where the ecosystem supports them); and patch known CVEs promptly.