Open Access

REVIEW


Towards Secure APIs: A Survey on RESTful API Vulnerability Detection

Fatima Tanveer1, Faisal Iradat1,*, Waseem Iqbal2,*, Awais Ahmad3

1 Department of Computer Science, School of Mathematics and Science, Institute of Business Administration, Karachi, 75270, Pakistan
2 Department of Electrical and Computer Engineering, Sultan Qaboos University, Al-Khud, Muscat, 123, Oman
3 College of Computer and Information Sciences, Imam Mohammad Ibn Saud Islamic University (IMSIU), Riyadh, 11432, Saudi Arabia

* Corresponding Authors: Faisal Iradat; Waseem Iqbal

Computers, Materials & Continua 2025, 84(3), 4223-4257. https://doi.org/10.32604/cmc.2025.067536

Abstract

RESTful APIs have been adopted as the standard way of developing web services, allowing for smooth communication between clients and servers. Their simplicity, scalability, and compatibility have made them crucial to modern web environments. However, the increased adoption of RESTful APIs has simultaneously exposed these interfaces to significant security threats that jeopardize the availability, confidentiality, and integrity of web services. This survey focuses exclusively on RESTful APIs, providing an in-depth perspective distinct from studies addressing other API types such as GraphQL or SOAP. We highlight concrete threats—such as injection attacks and insecure direct object references (IDOR)—to illustrate the evolving risk landscape. Our work systematically reviews state-of-the-art detection methods, including static code analysis and penetration testing, and proposes a novel taxonomy that categorizes vulnerabilities such as authentication and authorization issues. Unlike existing taxonomies focused on general web or network-level threats, our taxonomy emphasizes API-specific design flaws and operational dependencies, offering a more granular and actionable framework for RESTful API security. By critically assessing current detection methodologies and identifying key research gaps, we offer a structured framework that advances the understanding and mitigation of RESTful API vulnerabilities. Ultimately, this work aims to drive significant advancements in API security, thereby enhancing the resilience of web services against evolving cyber threats.

Keywords

RESTful API; vulnerability detection; API security; taxonomy; systematic review




Copyright © 2025 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.