How to Prevent API Abuse on Mobile Apps
API abuse can take many forms and is the mechanism behind many attack vectors, such as account takeover, fake account creation, denial of service, credit fraud, app impersonation, Man-in-the-Middle attacks, data breaches, and data scraping. Any of these threats can pose a serious risk to your app and its users.
Fortunately, for mobile-first and mobile-centric businesses, there are several strategies you can use to help protect your API from these attacks and ensure that the valuable data it contains remains secure.
1) App Integrity
The first line of defense against API abuse is to ensure that only genuine, untampered versions of your app can make API calls. This can be accomplished using mobile app attestation, which verifies the authenticity of your app, protecting you against attacks from modified (tampered) apps and from scripts that impersonate genuine apps.
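As an added illustration (not code from the original article or from any attestation vendor), the sketch below shows the API-side half of this idea: the backend refuses a call unless it carries a short-lived token that an attestation service signed after checking the app. The token format, the HMAC shared secret, the app ID and the function names are all assumptions made for the example; production attestation services define their own token formats and typically use asymmetric signatures.

```python
import base64, hashlib, hmac, json, time

# Assumptions for this sketch: a secret shared between a hypothetical
# attestation service and the API backend, and a constructed app ID.
SHARED_SECRET = b"constructed-demo-secret"
EXPECTED_APP_ID = "com.example.app"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(app_id, ttl=300, now=None, secret=SHARED_SECRET):
    """Stand-in for the attestation service: signs a short-lived claim
    once the app instance has passed its integrity checks."""
    now = time.time() if now is None else now
    payload = _b64(json.dumps({"app_id": app_id, "exp": int(now) + ttl}).encode())
    sig = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    return payload + "." + _b64(sig)

def verify_token(token, now=None, secret=SHARED_SECRET):
    """API-side gate, run before any business logic. Returns (ok, reason)."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.split(".")
        given = _unb64(sig)
    except (ValueError, AttributeError):
        return False, "malformed"
    # Check the signature before trusting anything inside the payload.
    expected = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):
        return False, "bad signature"
    try:
        claims = json.loads(_unb64(payload))
    except ValueError:
        return False, "malformed"
    if not isinstance(claims, dict) or claims.get("app_id") != EXPECTED_APP_ID:
        return False, "wrong app"
    # A short expiry limits how long a captured token can be replayed.
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return False, "expired"
    return True, "ok"
```

A script that copies the app's API calls but cannot obtain a validly signed, unexpired token is rejected at this gate, regardless of how closely it mimics the app's headers.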