FSC-5: API Fundamentals & Security

Overview

APIs (Application Programming Interfaces) are the backbone of modern applications—powering communication between systems, mobile apps, and cloud services. Understanding how APIs work and how to secure them is a foundational cybersecurity skill.

This project introduces you to API communication, JSON data structures, authentication, and common API vulnerabilities. You’ll use tools such as curl, Postman, and Keycloak to gain hands-on experience interacting with and securing APIs.

What You Will Learn

• The purpose and structure of APIs
• How to make API requests and interpret responses
• Understanding JSON and endpoint parameters
• Using API keys and tokens for authentication
• Recognizing and mitigating common API vulnerabilities
• Applying governance and compliance concepts to API design

Recommended Tools

• curl or httpie (command-line testing)
• Postman (API testing GUI)
• Keycloak (token and identity management)
• OWASP Juice Shop or DVWA (testing environment)

Self-Check: Test Your API Knowledge

Before beginning, see if you can answer these:

1. What is the difference between an API key and an OAuth token?
2. What does the HTTP 401 status code indicate?
3. What format is most commonly used for REST API responses?

Access the Full Lab Instructions

Submitting Your Work

• Document your API calls and results using screenshots or exported Postman collections.
• Include a brief reflection (200–300 words) explaining what you learned about how APIs operate and how to secure them.
• Submit your documentation to the designated course repository or LMS.