API security has gathered significant attention recently. Since APIs by definition govern access to important data, any concerns about data security lead inevitably to questions about API security. This focus will continue to become increasingly top of mind as more APIs are created, published and used in the growing API-first world. However, there is reason for optimism. With a thoughtful planning approach, with follow-through and detailed execution, companies can have a successful API security policy.