Which are two best practices used to secure APIs? (Choose two.)

  • use reputable and standard libraries to create the APIs
  • make internal API documentation mandatory
  • discussing company API development (or any other application development) on public forums
  • secure API services to provide HTTP endpoints only
  • keep API implementation and API security in one tier, allowing the API developer to work on both facets simultaneously

Explanation: The following are several general best practices and recommendations for securing APIs:
- Secure API services to provide HTTPS endpoints with only a strong version of TLS.
- Validate parameters in the application and sanitize incoming data from API clients.
- Explicitly scan for common attack signatures; injection attacks often betray themselves by following common patterns.
- Use strong authentication and authorization standards.
- Use reputable and standard libraries to create the APIs.
- Segment API implementation and API security into distinct tiers; doing so frees up the API developer to focus completely on the application domain.
- Identify what data should be publicly available and what information is sensitive.
- If possible, have a security expert do the API code verification.
- Make internal API documentation mandatory.
- Avoid discussing company API development (or any other application development) on a public forum.

Exam with this question: Ethical Hacker: Course Final Exam Answers
