Attacks and data breaches on poorly protected APIs are mounting. Fraudsters exploit API vulnerabilities to steal sensitive data including user information (PII), business-critical content, etc. Modern application architecture trends — including mobile devices, use of cloud systems, and microservice design patterns — complicate security of APIs as now multiple gateways are involved to facilitate interoperability among diverse web applications. The extensive deployment of internal APIs, combined with mobile access and increased dependence on cloud-based APIs, means that web application security defense systems that defend only the external perimeter are ineffective. Also, as new APIs are being added and consumed by businesses on an ongoing basis, API security is not a one-time exercise. ShieldSquare ensures that API usability is not unduly affected, and provides real-time protection against malicious bots to avert API abuse.