API Secure Certification & Seal

Sapience comes integrated with our "API Secure" certification. The interactive API Secure logo builds trust for your APIs and is backed by a daily vulnerability scan that can be verified by your client and developer community.

Sapience API Secure Seal

The API Secure seal allows API providers of all sizes to scan their APIs for the presence of vulnerabilities.

Once an API successfully passes the comprehensive security scan, Sapience generates an API Secure seal. The seal can be displayed on the API provider’s website or developer portal demonstrating to customers and developers that you are maintaining a proactive API security program.

Injection

Injection is a code injection technique, used to attack web applications, in which malicious statements are inserted into an entry field for execution. Injection is mostly known as an attack vector for websites and APIs but can be used to attack any type of applications.

Gathering

Information Gathering is the most critical step of an application security test. By using public tools (search engines), scanners, sending simple HTTP requests, or specially crafted requests, it is possible to force the application to leak information, e.g., disclosing error messages or revealing the versions and technologies used.

Server

Server security is the protection of information assets that can be accessed from a server. Server security is important for any organization that has a public or private API connected to the Internet. It requires a layered defense and is especially important for organizations with customer-facing APIs.

Usage

Usage of weak authentication methods makes it easy for an attacker to intercept credentials, replay them to other hosts, and trick users into providing the credentials to the wrong location.

The API Secure seal comes in various sizes and color schemes to fit your site or developer portal.

When a site visitor clicks on the seal - we redirect to a results page of the last scan, providing peace of mind and true insight to your developers and customers of your proactive security approach. We always display the prior days security results - so that you have ample time to correct any issues before they become visible.

When developers see the API SECURE seal and Verification Page, they are more likely to work with you as the seal demonstrates that you are serious about protecting their data.

Data security breaches can impact your brand negatively - enabling a self assigned security audit that is visible to your developer community demonstrates that you are serious and well prepared to earn the trust of your developer community.