Many security teams now realize that APIs are one of their biggest security blind spots. Many have responded by zeroing in on their most obvious area of API risk: the business-to-consumer (B2C) APIs that external-facing mobile and web applications rely on. \r\n Because these B2C APIs serve the outside world, they are particularly vulnerable to attack via bots and other automated methods. So, in response to those threats, many organizations have deployed specialized bot mitigation tools or use first-generation API products or web application firewalls ( WAFs ) to tightly manage access to B2C APIs. \r\n \r\nThese are sound practices, but B2C APIs only represent the tip of the iceberg when it comes to overall API risk. A much greater set of API risks often remains hidden below the surface — in an organization’s business-to-business (B2B) APIs. \r\n"}}"> Many security teams now realize that APIs are one of their biggest security blind spots.…