Challenges of Application Programming Interfaces Security: A Conceptual Model in the Changing Cyber Defense Environment and Zero Trust Architecture

Original scientific paper

Type conference contribution (in proceedings)
Category original scientific paper
Year 2024
Parent publication 2024 IEEE 17th International Scientific Conference on Informatics INFORMATICS 2024 : Proceedings
Pages pp. 383-390
DOI 10.1109/Informatics62280.2024.10900929
Status published

Abstract

Application programming interfaces (APIs) for connecting applications are today of the greatest importance for interoperability between disparate information systems. With an API, the application that offers the interface does not allow direct access to the server and all of its data; instead, each interface provides only the corresponding necessary data. The efficiency and speed of APIs enable information systems to retrieve formatted data that can be sequentially processed and used. This paper discusses API security as a present-day challenge. The integration of applications now takes place in a changing information systems environment and under growing threats to cyber defense and security. A new approach to security has been created, reflected in the principles of Zero Trust Architecture (ZTA). To enable a comprehensive overview of API security challenges, the authors designed and presented in this work a new, extensive, conceptual, non-hierarchical model of API cyber defense. In addition to known cybersecurity threats, it takes into account the threats inherent in non-compliance with the principles of ZTA, which is also known as the Zero Trust Security Model or Zero Trust Network Access (ZTNA). The designed model covers, among other things, the intersection between the strategy of secure API construction and Zero Trust Architecture.

Keywords

API risk; API security; conceptual API cyber defense model; cybersecurity; Zero Trust Architecture