I'm curious about recommended documentation specifically on API best practices. OWASP seems to have a dead project and some other REST risk documents. I found NIST 800-95 circa 2007. I'm just wondering if a NIST document or other resources are eluding my first attempts. I'm looking to set up a high level policy on API/API gateway requirements.
A Mastodon instance for info/cyber security-minded people.