We here at ProgrammableWeb see a lot of APIs. Many of them are pretty secure, and some sadly are not. So, what makes an API secure? Well, I'm glad you asked. There are a lot of things one can do to improve the security of an API. Below I'll outline three simple practices that make up a good start for a secure API.
Yelp recently announced that it will open source its fuzz-lightyear testing framework. Fuzz-lightyear specifically identifies Insecure Direct Object Reference (IDOR) vulnerabilities which present some of the most difficult vulnerabilities for enterprises to systematically defend against.