Scott Morrison, from API Academy, lays out these five simple steps as a part of your API security strategy:

• Validate parameters
• Apply explicit threat detection
• Turn on SSL everywhere
• Apply rigorous authentication and authorization
• Use proven solutions