by Lena Reitzle
According to a Gartner report, application programming interfaces (APIs) already account for 40% of the attack surface of web applications – and the trend is rising. Gartner estimates that this figure will rise to 90% by 2021. The trend is more and more towards dynamic single-page applications (SPAs), while classic server-based web applications are gradually being replaced.
There are several reasons for this. Firstly, the increasing use of smartphones and tablets, on which mobile applications not only embed classic web applications, but also communicate directly with application interfaces, promotes this development. Secondly, Internet of Things (IoT) devices are becoming increasingly popular. APIs are essential for such an internet infrastructure.  It is therefore obvious that APIs are becoming more and more important for the security of web applications.