A new self-serve risk assessment tool is now available in private beta for API providers who want to test the security robustness of their API architecture and design. The tool lets providers enter an API by a variety of means, tests it for common vulnerabilities, and suggests solutions.
Secret API keys add a layer of security to APIs and govern who can access which functions, but a simple flaw in the common implementation in GitHub leaves many API keys exposed to external developers. This tutorial by Moshe Shaham explains this error, as well as how to leverage it to find API keys.
Since the Cambridge Analytica debacle, Facebook has faced pressure to improve its security practices. In response, Facebook cut the functionality of its Graph API and the Instagram API. Now, one developer has petitioned Facebook to go even further in making the Instagram API more open and secure.