APIs have become the backbone of the digital economy, but they have also become one of the leading vectors for cyberattacks. In Brazil, each company suffered an average of 2,600 intrusion attempts per week in the first half of 2025, according to a Check Point Research report (July/25), an increase of 21% compared with the same period of the previous year. This scenario places the integration layer at the center of security discussions.
Without governance, well-defined contracts, and adequate testing, seemingly minor flaws can take down e-commerce checkouts, disrupt Pix operations, and compromise critical integrations with partners. The Claro case, for example, in which credentials were exposed along with S3 buckets containing logs and configurations, and access to databases and AWS infrastructure was put up for sale by a criminal, shows how failures in integrations can damage both the confidentiality and the availability of cloud services.
However, API protection is not solved by acquiring isolated tools. The central point is to structure secure development processes from the start. A design-first approach, using specifications such as OpenAPI, allows contracts to be validated and creates a solid foundation for security reviews covering authentication, permissions, and the handling of sensitive data. Without this foundation, any later hardening tends to be palliative.
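As an added illustration of the design-first review described above (not code from the article or from Vericode), the following Python example audits a parsed OpenAPI 3 contract for operations without mandatory authentication, references to undefined security schemes, and response fields whose names suggest sensitive data. The sample contract, the `audit_spec` function, and the `SENSITIVE_HINTS` list are constructed assumptions.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "options", "head", "trace"}
SENSITIVE_HINTS = ("password", "secret", "token", "card")  # assumed naming hints
# Constructed sample contract, not taken from any real API.
SPEC = json.loads("""
{
  "openapi": "3.0.3",
  "security": [{"bearerAuth": []}],
  "components": {"securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}},
  "paths": {
    "/orders": {"get": {"responses": {"200": {"description": "ok"}}}},
    "/health": {"get": {"security": [], "responses": {"200": {"description": "ok"}}}},
    "/users/{id}": {"get": {
      "security": [{"apiKey": []}],
      "responses": {"200": {"description": "ok", "content": {"application/json": {
        "schema": {"properties": {"name": {}, "passwordHash": {}}}
      }}}}}}
  }
}
""")

def audit_spec(spec):
    """Return (method, path, finding) tuples; inline schemas only, $ref is not resolved."""
    findings = []
    schemes = spec.get("components", {}).get("securitySchemes", {})
    global_security = spec.get("security", [])
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters"
            where = (method.upper(), path)
            # Operation-level "security" overrides the global list; [] removes it.
            effective = op.get("security", global_security)
            if not effective or {} in effective:
                findings.append(where + ("no mandatory authentication",))
            for requirement in effective:
                for name in requirement:
                    if name not in schemes:
                        findings.append(where + (f"undefined scheme {name}",))
            for response in op.get("responses", {}).values():
                for media in response.get("content", {}).values():
                    for prop in media.get("schema", {}).get("properties", {}):
                        if any(hint in prop.lower() for hint in SENSITIVE_HINTS):
                            findings.append(where + (f"response exposes {prop}",))
    return findings

if __name__ == "__main__":
    print(*audit_spec(SPEC), sep="\n")
```

Run in CI against the contract before any implementation merges, a non-empty result becomes a review item rather than a production finding.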
Automated testing, besides being the next line of defense, extends to API security testing with tools such as OWASP ZAP and Burp Suite, continuously producing failure scenarios such as injections, authentication bypasses, request-limit overruns, and unexpected error responses. Likewise, load and stress tests ensure that critical integrations remain stable under heavy traffic, preventing malicious bots, which account for a large share of internet traffic, from compromising systems through saturation.
The cycle is completed in production, where observability is essential. Monitoring metrics such as latency, error rate per endpoint, and call correlation across systems allows anomalies to be detected early. This visibility shortens response time, preventing technical failures from turning into downtime incidents or vulnerabilities exploitable by attackers.
For companies operating in e-commerce, financial services, or critical sectors, neglecting the integration layer can generate significant costs in lost revenue, regulatory sanctions, and reputational damage. Startups, in particular, face the additional challenge of balancing delivery speed with the need for robust controls, since their competitiveness depends on both innovation and reliability.
API governance also gains relevance in light of international standards, such as ISO/IEC 42001:2023 (or ISO 42001), which establishes requirements for artificial intelligence management systems. Although it does not address APIs directly, it becomes relevant when APIs expose or consume AI models, especially in regulated contexts. In this scenario, the best practices recommended by OWASP API Security for applications based on language models also gain strength. These benchmarks provide objective paths for companies seeking to reconcile productivity with regulatory compliance and security.
In a scenario where integrations have become critical to digital businesses, secure APIs are APIs that are continuously tested and monitored. Combining structured design, automated security and performance testing, and real-time observability not only reduces the attack surface but also creates more resilient teams. The difference between operating preventively or reactively can define survival in an environment highly exposed to threats.
*Mateus Santos is CTO and partner at Vericode. With more than 20 years of experience in systems across the financial, electricity, and telecommunications sectors, he has expertise in architecture, analysis, and optimization of system performance, capacity, and availability. Responsible for the company's technology, Mateus leads innovation and the development of advanced technical solutions.

