An application programming interface (API) is a way for one piece of software to interact with another piece of software. If a program or application has an API, external clients can request services from it.

API security is the process of protecting APIs from attacks. Just as applications, networks, and servers can be subject to attack, APIs can fall victim to a number of different threats.

API security is a core component of web application security. Most modern web applications rely on APIs to function, and APIs introduce additional risk to an application by allowing outside parties to access it. One comparison is a business that opens its office to the public: having more people on the premises, some of whom may be unknown to the business's employees, introduces greater risk. Similarly, an API allows outsiders to use a program, introducing more risk to the API service's infrastructure.