We would want to make sure that the API Sec includes
from Tim Dyke to everyone:
Part 1 – Restrict access to API based on IP Addresses
Part 2 – Rate limit API calls with Retry time
Part 3 – Rate limit API calls for OData Batch calls
Part 4 – Data masking of sensitive data from API response
Part 5 – JSON Threat protection against injection attacks
Part 6 – XML Threat protection against injection attacks
Part 7 – Log all API interactions
Part 8 – Threat protection against SQL injection attacks
Part 9 – Threat protection against XML External entity injection attacks
Part 10 – Raise alerts via email notification when threat is detected
Part 11 – Rate limit concurrent connection to target
Part 12 – Rate limit API call per developer