API abuse can take many forms and is the mechanism behind many attack vectors, such as account takeover, fake account creation, denial of service, credit fraud, app impersonation, Man-in-the-Middle attacks, data breaches, and data scraping. Any of these threats can pose a serious risk to your app and its users.
Fortunately, for mobile first and mobile centric businesses, there are several strategies you can use to help protect your API from these attacks and ensure that the valuable data it contains remains secure.
The first line of defense against API abuse is to ensure that only genuine, untampered versions of your app can make API calls. This can be accomplished using mobile app attesation, which verifies the authenticity of your app - protecting you against attacks from modified (tampered) apps and scripts which are impersonating genuine apps.