API Security: Who’s Knocking at Your Door?

Web services are one of the most fundamental enabling technologies of the digital age, if not the most fundamental. Around the globe at this very moment, hundreds of millions of server and software calls are being made to hundreds of thousands of APIs. Modern business runs on APIs.
But not all of the client callers are friendly. Many want to do harm to the business behind the web service, their partners, and their clients.
Whether your API is used primarily for B2B exchanges, in your own apps, or by consumer developers to build their apps and sites, most companies that provide APIs really don’t know who’s communicating with their endpoints. Most also have little to no clue whether those calls are being made from unexpected places that may themselves pose big security risks.
So, what are the top threats posed by APIs?
A recent research survey conducted by cybersecurity platform provider Imperva found that while almost 70% of businesses have APIs, few have robust security baked in or were designed with security in mind. These insecure APIs are thus very easy targets for one of the scourges of the modern digital world: botnets.
Botnets (and their participation in things like DDoS attacks) are the number one threat to business APIs. Besides jamming APIs so they can’t be used for short periods, botnets can slowly strain them, or try to put them out of business by frustrating their operations a little at a time in a variety of ways, harming your partners, clients, profits and reputation.
They can also be used for a much wider variety of attacks and compromises, often all at once in coordinated attacks that include your APIs and other network endpoints, such as:

  • Spamming
  • Sniffing Traffic
  • Spreading Malware
  • Installing Advertisement Add-ons and Browser Helper Objects (BHOs)
  • Google AdSense Distro Disruption
  • Large-Scale Identity Theft

Getting Rid of Unwanted Visitors

Rather than spend a small fortune on a big, bloated cybersecurity, endpoint, or threat intelligence platform, most companies can quickly and affordably improve the security of their APIs in a big way by just knowing who’s reaching out to talk to their endpoints, finding out which ones of them are potentially risky, and blacklisting or limiting access to those server clients.
How, you may ask?
By using our Musubu IP data and cyber threat information APIs, it’s easy for developers to build IP checks right into their existing systems. Our APIs not only provide core IP data that shows you things like company and geolocation info for the calling IP address; we also use our internal data sets and algorithmic special sauce to score each IP for its riskiness. From there, it’s easy to block potentially risky IPs.
When you query one or more IP addresses with our API, we give you back:

  • ipaddress: IPv4 address in 4-octet dot notation, from to
  • ipint: IPv4 address as 8 byte integer representation. Integer 0-4294967295.
  • threat_potential_score_pct: Numeric threat score. Integer 0-100.
  • threat_classification: Overall characterization of threat. String, with one of the following values:
  • blacklist_class: String, with one of the following values:
  • blacklist_class_cnt: Count of distinct sources which have identified the address as malicious. Integer.
  • blacklist_network_neighbors: Count of addresses present on the same subnet which have been identified as malicious. Integer.
  • blacklist_observations: Count of observations in the last 90 days. Integer.
  • country: Two character country designation based on ISO 3166-1 alpha-2. String.
  • stateprov: State or province. String.
  • district: String.
  • city: String.
  • zipcode: String.
  • latitude: Latitude. Float.
  • longitude: Longitude. Float.
  • timezone_offset: Timezone offset in hours. Float.
  • timezone_name: String.
  • ispname: Internet Service Provider (ISP) or associated organization. String, alphanumeric and punctuation.
  • network_type: The service classification for the associated network. String, with one of the following values:
      • ACADEMIA (universities, schools, labs, and institutes)
      • BROADBAND (residential and small business)
      • CDN (commercial, P2P, and free content delivery networks)
      • CLOUDHOSTING (cloud and web hosting environments)
      • ENTERTAINMENT (music, TV, video sharing, and gaming)
      • FILESHARING (commercial and free)
      • GOVERNMENT (federal, state & local, and foreign governments)
      • HEALTHCARE (commercial)
      • INTERNETAUTHORITIES (government, non-profit, and international authorities)
      • INTERNETSECURITY (commercial internet security firms)
      • SEARCHENGINE (commercial)
      • SOCIALNETWORKING (commercial social networking sites)
      • SOFTWAREDOWNLOADS (commercial and free)
      • NODES (public and hidden TOR services)
  • network_group: String.
  • network_name: String, alphanumeric plus punctuation.

So, not only can you pinpoint the location of IPs that are communicating with your API endpoint, you can also determine whether each one has been seen in association with a cyber threat such as botnets, phishing, malware and much more. Just check out the list above.
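
One way to turn the fields above into an allow / throttle / block decision at your endpoint, as an added example rather than Musubu's own code. It assumes each lookup result reaches you as a dictionary keyed by the field names listed above; the thresholds, the choice of throttle signals and the sample records are assumptions made for illustration.

```python
import ipaddress

# Thresholds are assumptions for illustration; tune them against your own traffic.
BLOCK_SCORE, THROTTLE_SCORE = 80, 40
NEIGHBOR_LIMIT = 10
# network_type values come from the list above; using them as throttle signals is an assumption.
THROTTLE_NETWORK_TYPES = {"CLOUDHOSTING", "NODES"}


def validate_record(rec, caller_ip):
    """Check a record against the documented field ranges; raise ValueError if it is off."""
    addr = ipaddress.IPv4Address(rec["ipaddress"])
    if addr != ipaddress.IPv4Address(caller_ip):
        raise ValueError("record describes a different address")
    if int(addr) != rec["ipint"]:
        raise ValueError("ipint does not match ipaddress")
    score = rec["threat_potential_score_pct"]
    if not isinstance(score, int) or not 0 <= score <= 100:
        raise ValueError("threat_potential_score_pct outside 0-100")
    return score


def decide(rec, caller_ip):
    """Return 'allow', 'throttle' or 'block' for the calling address."""
    try:
        score = validate_record(rec, caller_ip)
    except (KeyError, TypeError, ValueError):
        # A bad or missing lookup should not take the API down: degrade, don't block.
        return "throttle"
    sources = rec.get("blacklist_class_cnt") or 0
    recent = rec.get("blacklist_observations") or 0
    neighbors = rec.get("blacklist_network_neighbors") or 0
    if score >= BLOCK_SCORE or (sources >= 2 and recent > 0):
        return "block"
    if (score >= THROTTLE_SCORE or neighbors >= NEIGHBOR_LIMIT
            or rec.get("network_type") in THROTTLE_NETWORK_TYPES):
        return "throttle"
    return "allow"


# Constructed sample records (documentation-range addresses, not real lookups).
SAMPLES = [
    {"ipaddress": "192.0.2.10", "ipint": 3221225994, "threat_potential_score_pct": 92,
     "blacklist_class_cnt": 3, "blacklist_observations": 14, "network_type": "CLOUDHOSTING"},
    {"ipaddress": "198.51.100.7", "ipint": 3325256711, "threat_potential_score_pct": 12,
     "blacklist_class_cnt": 0, "blacklist_observations": 0, "network_type": "BROADBAND"},
    {"ipaddress": "203.0.113.5", "ipint": 3405803781, "threat_potential_score_pct": 15,
     "network_type": "NODES"},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["ipaddress"], decide(rec, rec["ipaddress"]))
```

Pass the address your server actually saw on the connection as caller_ip, so that a record for some other address cannot be used to wave a caller through.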


In addition, we provide your engineers and analysts with a host of important data useful to a wide variety of app development and cybersecurity use cases.


Our Musubu API service was developed to give just this kind of edge to U.S. government and defense networks. If it’s good enough for them and their huge volume of client connections, rest assured it can help secure your web services too.


Wanna explore the API and data?
Sign in to our simple user interface app, MusubuApp, at https://musubuapp.co/. It’s free to search up to 50 comma-separated IPs per day. Just register, then paste in your CSV list and away you go. It’s a great tool for checking your own endpoints too, along with dozens of other use cases.

