The 2022 API Security Trends Report

451 Research asked participants about their API landscape, API security tools, maturity level of API security within the organization, and more. In this API security trends report, we dive into the key findings.

API Usage 

Companies rely on tens of thousands of APIs. For the enterprises participating in this study, the average number of APIs in use is 15,564. Large enterprises, those with more than 10,000 employees, have an even greater dependency, with an average of 25,592 APIs in place.

API Security Incidents

Many API security incidents will go undisclosed unless a data breach occurs requiring consumer notifications, or there is a coordinated disclosure of API security vulnerabilities with a security researcher. Practitioners were asked whether their organizations had experienced a security incident related to an API in the past year.

41% of organizations had an API security incident in the last 12 months.

63% of those noted that the incident involved a data breach or data loss.

Top API Security Issues

Respondents’ top-cited API security problems in the past 12 months include poor API logging practices (39%); problems in API authentication, including lack of authentication in APIs that should require it (37%); and API misconfigurations (36%).

The Impact on Development Projects

Just over a third (35%) of survey respondents said projects were specifically delayed due to API security concerns. 87% of those believe more effective integration of API security testing (AST) into developer pipeline activities could have prevented those delays.