Like traditional local APIs, web service APIs (web APIs for short) evolve, bringing new and improved functionality as well as insecurities. The Application Programming Interface (API) may be longstanding theory but it’s the one that is going through transformations. Enterprises have a decent impact on the line, including reputation, guideline and the concurrent needs of partners, customers, shareholders, and employees. As driven by cloud and mobile hungers, everyday organizations are opening their information assets to external developers. API publishing must be dealt with excessive care by enterprises. In this paper, we report an approach to provide security to API to address this issue. We analyzed the three popular attack vectors which act as threat to APIs and carefully studied how API Gateway can be used to secure the existing APIs. Our findings are threefold: 1) We examine the major vulnerabilities in an API; 2) We identify the Security solution by the means of API Gateway; 3) We examine the different tools used for API Management, to give Web and IT managers and enterprise architects vital facts and figures for selecting an API Management solution.

Jun Li, Yingfei Xiong, Xuanzhe Liu, Lu Zhang, “How Does Web Service API Evolution Affect Clients?” 2013 IEEE 20th International Conference on Web Services.

Serkan Özkan, Security Consultant, www.cvedetails.com/, The ultimate security vulnerability data source, Vulnerability by Type & Date.

Scott Morrison, CA Technologies, EBook on “Five Simple Strategies for Securing APIs,”

CA Technologies, EBook on “5 Pillars of API management,”

EReport , “The Forrester Wave: API Management Platforms,” February 2013

www.secretservice.gov, "2013 Data Breach Investigations Report," [Accessed: Jan. 12, 2014]. (General Internet site)

White paper on “Choosing the Right API Management Solution for the Enterprise User”, Published: 23 Sep 2014, online on link: https://www.ca.com/us/register/forms/collateral/choosing-the-right-api-management-solution-for-the-enterprise.aspx

White paper on “Protecting Your APIs against Attack and Hijack”, online on: https://www.scribd.com/doc/259402072/Protecting-Your-Apis-Against-Attack-and-Hijack, (General Internet site).

B2B-KnowHow.com - Your Information Portal, online on: http://b2b-knowhow.com/assets/814.

Int. J. Advanced Networking and Applications, 2014, “Building Applications with Social Networking API’s”, http://www.ijana.in/papers/V5I5-7.pdf.

“What is an API”, http://pages.3scale.net/rs/3scale/images/what-is-an-api.pdf

Arun Bhattacharya, “Seven Ways to Create an Unbeatable Enterprise Mobility Strategy”, Online on: http://www.ca.com/us/~/media/Files/eBooks/seven-ways-to-create-an-unbeatable-enterprise-mobility-strategy.pdf.

Kin Lane, “11 API MANAGEMENT SERVICES”, http://www.programmableweb.com/news/11-api-management-services.

CA Technologies E-Report on, “API Security and Threat Protection”, online on: http://www.ca.com/us/products/api-management/solutions/api-management-solutions/api-security-solution.aspx.

“Seven Steps to Create an Unbeatable Enterprise Mobility Strategy”, http://www.infoq.com/articles/creating-an-enterpise-mobility-strategy