1. Intro
2. ShipFast Delivery Service
3. Client Complexity Spurs API Growth
4. Ship Raider Shipper's Edge
5. Transport Layer Security
6. Man in the Middle Attack
7. Certificate Pinning
8. Pinning Upkeep
9. Rate Limiting and Load Shedding
10. Behavioral API Security
11. Add Request Signing
12. App Hardening Approaches
13. Calculate Secret at Runtime
14. How They Broke the HMAC
15. OAuth2 Overview
16. Abstract Protocol Flow
17. OAuth2 Code Grant Flow
18. OAuth2 Proof of Key Code Exchange (PKCE)
19. Multiple API Services
20. API Proxy Pattern
21. App Integrity Measurement
22. Dynamic Pinning
23. Strengthening OAuth2 Flow
24. Architecture Pattern
25. Conclusion
26. Additional References
Description:
Explore the critical aspects of API security in this 50-minute conference talk from APPSEC Cali 2018. Delve into potential threats arising from undersecured Web APIs and learn techniques to strengthen your API security posture. Gain a clear understanding of user authorization via OAuth2, software authorization using static API keys, and their crucial interplay. Address concerns about mobile API consumers with poorly concealed secrets in statically published code. Discover practical advice and code examples for improving mobile API security, including the implementation of certificate pinning to enhance channel communications. Examine advanced techniques such as app hardening, white box cryptography, and mobile app attestation. Walk away with a comprehensive understanding of the underprotected API problem, immediately applicable tips to enhance your API security, and insights into emerging tools and technologies that enable significant improvements in API protection.

A Tour of API Underprotection

OWASP Foundation