The API security standards should be the same regardless of who the client is.
Even a trustworthy host (client) can get compromised at some point in
time, but this event should not compromise the API.
Sometimes it may seem overkill, especially if one of the clients runs
on the same host as the API server, but exceptions to the API
workflows, especially authN and authZ, tend to lead to security
OWASP API Security Project - Project Main Maintainer
OWASP Go Secure Coding Practices Guide - Project Co-Leader