An application programming interface (API) generally refers to a set of one or more functions, procedures, components, and services provided by a software library or a computer system. Web APIs allow clients to consume API services offered by another computer system over the internet. However, web APIs can be vulnerable to various types of cyber-attacks.
For example, a takeover of a client computer system can provide an attacker with credentials and unlimited access to the web APIs accessible from the compromised client. In addition, a man-in-the-middle attacker may intercept web API authentication credentials and use them to impersonate a client, gaining access to private information, credit card accounts, bank accounts, or other secure data.
Highly restrictive security measures may offer increased web API security. However, such measures can disrupt the flow of legitimate traffic and transactions. Accordingly, improved methods of authentication can provide better protection against takeover, man-in-the-middle, and other types of cyber-attacks while flexibly accepting routine changes occurring on a computer system or network without disrupting legitimate activity.