Definition

Unsafe Consumption of APIs occurs when an application improperly integrates or trusts third-party APIs, leading to security risks.

It focuses on external dependencies, not internal APIs.

Core idea

Even if your own API is secure, you can still be compromised if:

• You trust insecure third-party APIs
• You fail to validate or sanitize external data
• You integrate external services without proper security checks

In short:

Third-party APIs can become an attack vector into your system.

Key risk areas

• Data theft through insecure integrations
• Injection attacks from external API responses
• Account takeover via flawed third-party workflows
• Cross-site scripting (XSS) through untrusted API data
• Supply chain API vulnerabilities