explaingit

arainho/awesome-api-security

3,791 | Audience · developer | Complexity · 2/5 | Setup · easy

TLDR

A curated index of open-source tools, books, cheatsheets, labs, and training resources focused on API security, covering both defenders and testers, with no code of its own.

Mindmap

mindmap
  root((API Security))
    Defensive Resources
      OWASP Cheatsheets
      Security Checklists
      Auth Standards
      Books
    Testing Tools
      API Scanners
      Fuzzing Wordlists
      Key Leak Detection
    Practice Labs
      Vulnerable APIs
      Training Labs
    Learning
      Podcasts
      Conference Talks
      Video Playlists
      Newsletters

Things people build with this

USE CASE 1

Find the right tool to scan your API for security vulnerabilities before launch

USE CASE 2

Learn API security fundamentals using free books, cheatsheets, and training labs

USE CASE 3

Test authentication and authorization flaws using practice vulnerable APIs

USE CASE 4

Keep up with API security news via curated podcasts, talks, and newsletters

Tech stack

REST · GraphQL · OWASP

Getting it running

Difficulty · easy | Time to first run · 5 min

No code to install. Browse the README directly on GitHub or clone the repo to read it locally. All resources link to external sites.

No license is explicitly mentioned for the list itself; all linked resources are open-source or freely available.

In plain English

Awesome API Security is a curated reference list for anyone who works with APIs and wants to understand the security risks involved. An API (Application Programming Interface) is the way software systems communicate with each other over the internet. When an API is poorly secured, attackers can extract data they should not see, impersonate users, or bypass access controls entirely. This repository collects open-source tools, books, cheatsheets, training materials, and other resources that help developers and security professionals learn about and test API security.

The list is organized into distinct sections. Some sections are aimed at defenders: cheatsheets from OWASP (a well-known security standards organization), books on building secure APIs, specifications for common authentication and authorization standards, and ready-made security checklists for REST and GraphQL APIs. Other sections are oriented toward testers and security researchers: tools for scanning APIs, wordlists for fuzzing (automated probing for weaknesses), deliberately vulnerable practice APIs to learn on, and guidance on finding and verifying leaked API keys in public code. There are also sections covering training labs, conference talks, podcasts, video playlists, and newsletters dedicated to API security, making the list useful both for someone starting to learn the topic and for experienced practitioners looking for specific tools or reading material.

The project does not contain any code of its own. It is purely a maintained index of external links. Contributions are accepted via pull requests, and the focus is specifically on open-source or freely available resources rather than commercial products. The full README is longer than what was shown.

Copy-paste prompts

Prompt 1
What are the most common API security vulnerabilities I should check for in my project?
Prompt 2
Which tools in this list can help me find leaked API keys in public code?
Prompt 3
What OWASP checklists should I follow to secure a REST API?
Prompt 4
Where can I practice finding API security bugs without breaking any real systems?
Prompt 5
What books or courses does this list recommend for learning API security from scratch?