Parameters are the primary way an API accepts input data. They can be, for example:

  • Paths, such as /users/2875
  • Queries, like /users/?id=2875

The OpenAPI Specification provides a unified way to define the different types of parameters.

At the parameter level, most security risks stem from not defining the expected data types and values precisely enough. An attacker could exploit loosely defined parameters to cause things like:

  • Buffer overflows
  • JSON parser crashes
  • Backend errors
  • Other unexpected behavior on your side

The more precisely you define your parameters, the less room there is for someone to abuse them.
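As an added illustration (not part of the original page), the two OpenAPI 3.0 documents below define the same hypothetical `/users/{id}` operation twice: first with a loose `id` parameter that lets any string through to the backend, then with a constrained definition that rejects non-numeric, out-of-range or oversized input before it reaches application code. The endpoint, parameter names and limits are assumptions chosen for the example.

```yaml
# Added example, not from the original page. Endpoint and parameter names are hypothetical.
# Document 1: loose definition. "type: string" with no length or format limit means
# anything a client sends in the path is passed to the backend unchecked.
openapi: 3.0.3
info:
  title: Loose parameter example
  version: "1.0"
paths:
  /users/{id}:
    get:
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: string
      responses:
        "200":
          description: User record
---
# Document 2: constrained definition. The path id must be a positive 64-bit integer,
# and the optional query parameter is bounded in length and limited to a fixed set
# of values, so schema validation stops malformed input at the edge.
openapi: 3.0.3
info:
  title: Constrained parameter example
  version: "1.0"
paths:
  /users/{id}:
    get:
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: integer
            format: int64
            minimum: 1
            maximum: 9223372036854775807
        - name: fields
          in: query
          required: false
          schema:
            type: string
            minLength: 1
            maxLength: 32
            # only the documented projections are accepted
            enum: [basic, profile, contacts]
      responses:
        "200":
          description: User record
        "400":
          description: Parameter failed schema validation
```

The second document only pays off if something actually enforces it: an API gateway or framework that validates requests against the schema turns these constraints into a reject-before-processing check, whereas a specification used purely for documentation leaves the backend to do its own validation.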

Browse through this section to see the details of each parameter-related API security risk.