The application programming interface (API) is an emerging technology for integrating applications using Web technology. This approach is exploding in popularity because it builds on well-understood techniques and leverages some existing infrastructure. But it is a mistake to think you can secure APIs using the same methods and technology with which we secured the browser-centric Web. APIs are fundamentally different from websites and have an entirely unique risk profile that must be addressed.