The good news is that we now have powerful standards and frameworks that promise to protect valuable resources and identities in the API space. But, what implementation details need to be considered and what damage can be done if we aren’t careful? In this session we will consider known attack vectors, speculate on future risks and investigate the challenges that security architects face in our API driven world.