Akamai API Security's main use case in my environment is to protect critical APIs that are exposed to the internet, especially for banking and financial applications. I primarily use it to secure APIs handling sensitive operations such as user authentication, account access, payment processing, and data retrieval. These APIs are high risk because they directly interact with sensitive customer data. From a protection standpoint, I use Akamai API Security to detect and mitigate threats like bot abuse, credential stuffing, injection attacks, and unauthorized access attempts. I also enforce controls such as rate limiting and access validation to prevent misuse of the API. From a monitoring perspective, I continuously analyze API traffic patterns to identify anomalies such as unusual spikes in requests, abnormal behavior from specific IPs, or any deviations from the normal API usage. Additionally, I focus on identifying OWASP API security risks such as broken authentication or excessive data exposure and ensure the appropriate policies are in place to mitigate those risks. Overall, the goal is to ensure that all external-facing APIs are secure, resistant, and protected against both automated and targeted attacks. One recent example I worked on was securing a login and authentication API for a banking application. This API was being heavily targeted by automated bot traffic, mainly for credential stuffing attempts. I observed a high volume of login requests coming from a limited set of IP ranges with abnormal request patterns. Using Akamai API Security, I analyzed the traffic behavior and identified that these were non-human requests with repetitive patterns. Based on this, I implemented rate-limiting controls and stricter access policies to restrict excessive login attempts. Additionally, I tuned the security rules to detect anomalies such as unusual request frequency and abnormal headers. This helped me to effectively block malicious traffic while allowing legitimate users. After implementing these controls, I saw a significant reduction in unauthorized login attempts and improved overall stability of the API. This was a key use case where I used Akamai API Security for both detection and prevention of bot-driven attacks. Apart from the primary use case of protecting authentication APIs, I have also seen significant value in using Akamai API Security for detecting and controlling abnormal API usage patterns. One key scenario was identifying excessive data access through a certain API where clients were making unusually high-frequency requests to retrieve the data. While this was not a direct attack, it had the potential to impact application performance and expose sensitive data patterns. Using Akamai API Security, I was able to baseline the normal API behavior and quickly identify these anomalies. Based on that, I implemented rate limiting and access restrictions to control such usage. Another area where it made a difference was in reducing the false positives. By analyzing the API traffic behavior more intelligently, I was able to fine-tune policies so that legitimate users were not impacted while still maintaining strong security controls. Overall, Akamai API Security helped me to move from reactive security to a more proactive and behavior-based approach, thus improving both security and user experience.
Akamai API Security serves as our primary tool for API discovery, risk evaluation, and behavior-based threat detection. The platform provides us with visibility into all active APIs, including endpoints, and helps us reduce our attack surface. Akamai API Security identifies undocumented APIs, commonly known as shadow APIs, and analyzes traffic to detect anomalies such as credential abuse, excessive requests, or suspicious patterns of data access. When anomalous behavior is detected, the system alerts our SOC team and allows security policies to be applied before the traffic reaches our backend systems.
Akamai API Security serves as our primary tool for API discovery, risk evaluation, and behavior-based threat detection. The platform provides us with visibility into all active APIs, including endpoints, and helps us reduce our attack surface. Akamai API Security identifies undocumented APIs, commonly known as shadow APIs, and analyzes traffic to detect anomalies such as credential abuse, excessive requests, or suspicious patterns of data access. When anomalous behavior is detected, the system alerts our SOC team and allows security policies to be applied before the traffic reaches our backend systems.
Incident Manager at a computer software company with 1,001-5,000 employees
Real User
Top 5
Feb 2, 2026
Since multiple teams were involved in issue resolving, at least ten plus people from our side were involved in the implementation process. Everyone was contributing, even if we consider two per team. We are mostly talking about engineers, so they are all engineers. This ten plus people includes one from the NOC team, one from the operations team, and two or three from the security team.
I use Akamai API Security. I downloaded a report comparing WAF Akamai and WAF Azure to understand the real differences. I studied the solution to comprehend how it detects bots. For example, with Akamai API Security, the browser inspector helps me understand the bot detection capabilities.
Akamai API Security offers a comprehensive set of features designed to improve API security posture, including automated API discovery and anomaly detection, ensuring robust data protection and minimized response times.Focused on safeguarding public-facing APIs, Akamai API Security provides full visibility into undocumented APIs and detects abnormal traffic patterns, minimizing unauthorized access and data exposure. Integration with tools like Bot Manager Premier and DDoS protection allows...
Akamai API Security's main use case in my environment is to protect critical APIs that are exposed to the internet, especially for banking and financial applications. I primarily use it to secure APIs handling sensitive operations such as user authentication, account access, payment processing, and data retrieval. These APIs are high risk because they directly interact with sensitive customer data. From a protection standpoint, I use Akamai API Security to detect and mitigate threats like bot abuse, credential stuffing, injection attacks, and unauthorized access attempts. I also enforce controls such as rate limiting and access validation to prevent misuse of the API. From a monitoring perspective, I continuously analyze API traffic patterns to identify anomalies such as unusual spikes in requests, abnormal behavior from specific IPs, or any deviations from the normal API usage. Additionally, I focus on identifying OWASP API security risks such as broken authentication or excessive data exposure and ensure the appropriate policies are in place to mitigate those risks. Overall, the goal is to ensure that all external-facing APIs are secure, resistant, and protected against both automated and targeted attacks. One recent example I worked on was securing a login and authentication API for a banking application. This API was being heavily targeted by automated bot traffic, mainly for credential stuffing attempts. I observed a high volume of login requests coming from a limited set of IP ranges with abnormal request patterns. Using Akamai API Security, I analyzed the traffic behavior and identified that these were non-human requests with repetitive patterns. Based on this, I implemented rate-limiting controls and stricter access policies to restrict excessive login attempts. Additionally, I tuned the security rules to detect anomalies such as unusual request frequency and abnormal headers. This helped me to effectively block malicious traffic while allowing legitimate users. After implementing these controls, I saw a significant reduction in unauthorized login attempts and improved overall stability of the API. This was a key use case where I used Akamai API Security for both detection and prevention of bot-driven attacks. Apart from the primary use case of protecting authentication APIs, I have also seen significant value in using Akamai API Security for detecting and controlling abnormal API usage patterns. One key scenario was identifying excessive data access through a certain API where clients were making unusually high-frequency requests to retrieve the data. While this was not a direct attack, it had the potential to impact application performance and expose sensitive data patterns. Using Akamai API Security, I was able to baseline the normal API behavior and quickly identify these anomalies. Based on that, I implemented rate limiting and access restrictions to control such usage. Another area where it made a difference was in reducing the false positives. By analyzing the API traffic behavior more intelligently, I was able to fine-tune policies so that legitimate users were not impacted while still maintaining strong security controls. Overall, Akamai API Security helped me to move from reactive security to a more proactive and behavior-based approach, thus improving both security and user experience.
Akamai API Security serves as our primary tool for API discovery, risk evaluation, and behavior-based threat detection. The platform provides us with visibility into all active APIs, including endpoints, and helps us reduce our attack surface. Akamai API Security identifies undocumented APIs, commonly known as shadow APIs, and analyzes traffic to detect anomalies such as credential abuse, excessive requests, or suspicious patterns of data access. When anomalous behavior is detected, the system alerts our SOC team and allows security policies to be applied before the traffic reaches our backend systems.
Akamai API Security serves as our primary tool for API discovery, risk evaluation, and behavior-based threat detection. The platform provides us with visibility into all active APIs, including endpoints, and helps us reduce our attack surface. Akamai API Security identifies undocumented APIs, commonly known as shadow APIs, and analyzes traffic to detect anomalies such as credential abuse, excessive requests, or suspicious patterns of data access. When anomalous behavior is detected, the system alerts our SOC team and allows security policies to be applied before the traffic reaches our backend systems.
Since multiple teams were involved in issue resolving, at least ten plus people from our side were involved in the implementation process. Everyone was contributing, even if we consider two per team. We are mostly talking about engineers, so they are all engineers. This ten plus people includes one from the NOC team, one from the operations team, and two or three from the security team.
I use Akamai API Security. I downloaded a report comparing WAF Akamai and WAF Azure to understand the real differences. I studied the solution to comprehend how it detects bots. For example, with Akamai API Security, the browser inspector helps me understand the bot detection capabilities.
My primary use case was to identify PII and financial information exposed over APIs, focusing on accidental exposures or poorly constructed APIs.
We use Akamai API Security to protect our APIs from any DDoS attacks.