The document should define appropriate application programming interface (API) security guidelines for applications (microservices) being developed across an organization. It should cover the following topics:
- What is an API
- API risks
- API enumeration
- Fuzzing
- Injection
- OWASP vulnerabilities affecting APIs
- API security best practices
- Access control (authentication and authorization)
- JSON Web Tokens (JWT)
- Implementing API keys
- Restricted HTTP methods
- Validate content types
- Send safe content types
- API endpoint management
- Proper input validation
- Error handling (provide an example here: a generic "An error occurred" versus the more revealing "Your username or password is wrong")
- Audit logs (ensure that sensitive application data is not included in the logs)
- Logging
- Monitoring
- Alerting
- Requests cannot be sent as headers
- Responses as JSON objects
- GET vs POST
- API gateways / WAF
- Rate limit checks
The document should be 5000 words (15-20 pages) and include an index on the first page.
This document is not for school.
Please see the format in the attached files.