Session Abstract: Security is never a simple task, and the same applies to APIs. Properly securing APIs gets even more challenging when the API ecosystem grows substantially. It’s naturally easier for a company to protect a few endpoints than hundreds. As the API ecosystem grows, merely starting to use OAuth may not be enough. Proper handling of OAuth tokens and use of the different features that OAuth offers are required.
In the talk I will describe:
- the different views of what constitutes a large API ecosystem (it’s not only APIs that expose a lot of endpoints!)
- common security issues
- and how to address them.