Challenge
Digital transformation initiatives have increased the access to more and more data and resources, which has broadened attack vectors. In large, the access to the data or digital asset is done through API calls, typically managed by an API Gateway. For that reason, API Access control is a crucial piece of any API security strategy, and indeed 4 out of the top 5 security risks described in the OWASP API security top 10 list are now identity-related.