Several metrics are important to an API security program, including:
API request rate: This metric measures the number of API requests made over a given period. It can help identify potential denial of service (DoS) attacks or other types of abuse.
API authentication and authorization success rate: Reviewing the success rate of API authentication and authorization attempts can help identify any issues with these mechanisms.
API key and token usage: Reviewing the usage of API keys and tokens can help identify any issues with how API keys and tokens are being used or misused.
API penetration test results: Reviewing the results of API penetration testing will help identify any vulnerabilities in the API that need to be addressed.
API data validation success rate: Reviewing the success rate of API data validation will help identify any issues with the API’s input validation mechanisms.
API error rate: Reviewing the number of API errors that occur over a given period will help identify any issues with the API or the way it is being used.
API security event: Reviewing the number of security events on the API will help identify any security issues or vulnerabilities.
API response time: Reviewing how long it takes for an API to respond to a request will help identify any performance issues with the API or the underlying infrastructure.
