Security insights from the 2022 State of the API Report

Postman published their 2022 State of the API report here, specifically looking at the API security angle gave us some interesting data points.

Some 20% of respondents said API security incidents occur at least once a month at their organization, resulting in loss of data, loss of service, abuse, or inappropriate access. While the overall picture was more reassuring—52% said incidents happen less than once a year—the data underscores the importance of shifting left on security and incorporating it early in the API lifecycle.

Interestingly, API-first leaders reported more frequent security incidents, with 25% experiencing incidents at least once a month.

Postman hypothesize this is because API-first leaders deploy more APIs and have broader visibility of them; in fact, these organizations are twice as likely to deploy APIs daily. As such, they may detect security events that might escape notice at less API-first companies.?

Security remains a?top priority for development teams and organization at large.

When asked what factors are considered before integrating with an API, respondents told Postman performance was the top factor. This just barely edged out last year’s number- one pick, security still coming in at over 70%.

We asked developers and API professionals their opinion about the benefits of an API- first approach to development. At least 75% of respondents agreed that developers at API-first companies are happier, launch new products faster, eliminate security risks sooner, create better software, and are more productive.?

It is clear that to reap the rewards of being an API-first organisation you need to do so securely or risk losing all progress you gained on your competition.