API Sebagai Inti Produk Digital dan Risiko Operasional di Lingkungan Perusahaan Modern
DOI:
https://doi.org/10.61132/prosemnasimkb.v2i2.232Keywords:
API gates, Cybersecurity, Digital Products, Shadow Fire, Web Application FirewallAbstract
APIs (Application Programming Interfaces) have become a key component in the development of modern digital products and the transformation of cloud-based services. Its ability to provide structured access to data and enable cross-platform integration makes APIs at the core of the enterprise's digital architecture. However, the high level of API openness poses increasingly complex security challenges, including potential data exploitation, injection attacks, credential misuse, and exploitation of business logic loopholes. This article examines the strategic role of APIs in the digital ecosystem, analyzes the operational risks that arise from API exposure, and evaluates the effectiveness of basic defense mechanisms such as API Gateways and Web Application Firewalls (WAFs). The findings of the study show that while both solutions play an important role in controlling access, filtering, and mitigating attacks at the surface layer, they have not been able to provide comprehensive protection against modern API threats that are dynamic, distributed, and often exploit weaknesses at the application and business logic levels. Therefore, a more holistic, layered, and sustainable API security approach is needed, including anomalous behavior detection, API abuse protection, and real-time monitoring to maintain the integrity and reliability of digital services.
Downloads
References
Ali, I. (2021). Examining cyber security implementation through TLS/SSL on academic institutional repository in Indonesia. Berkala Ilmu Perpustakaan dan Informasi, 17(2), 238. https://doi.org/10.22146/bip.v17i2.2082
Apriany, A., & Wibowo, A. (2024). Analysis of the implementation of ISO 27001: 2022 and KAMI Index in enhancing the information security management system in consulting firms. IJCCS (Indonesian Journal of Computing and Cybernetics Systems), 18(4). https://doi.org/10.22146/ijccs.100385
Bermbach, D., & Wittern, E. (2016). Benchmarking Web API quality. In Lecture notes in computer science (p. 188). Springer. https://doi.org/10.1007/978-3-319-38791-8_11
Bhuiyan, T., Begum, A., Rahman, S., & Hadid, I. (2018). API vulnerabilities: Current status and dependencies. International Journal of Engineering & Technology, 7(2.3), 9. https://doi.org/10.14419/ijet.v7i2.3.9957
Chintia, E., Nadiah, R., Ramadhani, H. N., Haedar, Z. F., Febriansyah, A., & Kom, M. (2019). Kasus kejahatan siber yang paling banyak terjadi di Indonesia dan penanganannya. Journal of Information Engineering and Educational Technology, 2(2), 65–69. https://doi.org/10.26740/jieet.v2n2.p65-69
Darojat, E. Z., Sediyono, E., & Sembiring, I. (2022). Vulnerability assessment website e-government dengan NIST SP 800-115 dan OWASP menggunakan Web Vulnerability Scanner. Jurnal Sistem Informasi Bisnis, 12(1), 36–44. https://doi.org/10.21456/vol12iss1pp36-44
Haryadi, E., Yuliandari, D., Abdussomad, A., Wijayanti, D., Amelia, M., & Syafrianto, S. (2021). Maintaining the continuity of the company’s operation using the NIST framework for SME. Jurnal Teknik Komputer, 7(1), 74–82. https://doi.org/10.31294/jtk.v7i1.9486
Herdiana, Y., Munawar, Z., & Putri, N. I. (2021). Mitigasi ancaman risiko keamanan siber di masa pandemi COVID-19. Jurnal ICT Information Communication & Technology, 20(1), 42–50. https://doi.org/10.36054/jict-ikmi.v20i1.305
Idellie, P. L., & Atok, R. M. (2023). Pemodelan distribusi kerugian siber dengan pendekatan copula dan perhitungan premi asuransi siber. Jurnal Sains dan Seni ITS, 12(1). https://doi.org/10.12962/j23373520.v12i1.97479
Islami, M. J. (2018). Tantangan dalam implementasi strategi keamanan siber nasional Indonesia ditinjau dari penilaian Global Cybersecurity Index. Masyarakat Telematika dan Informasi: Jurnal Penelitian Teknologi Informasi dan Komunikasi, 8(2), 137–150. https://doi.org/10.17933/mti.v8i2.108
Matondang, N., Isnainiyah, I. N., & Muliawatic, A. (2018). Analisis manajemen risiko keamanan data sistem informasi (Studi kasus: RSUD XYZ). Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi), 2(1), 282–290. https://doi.org/10.29207/resti.v2i1.96
Mayasari, R., Ridha, A. A., Juardi, D., & Baihaqi, K. A. (2020). Analisis vulnerability pada website Universitas Singaperbangsa Karawang menggunakan Acunetix Vulnerability. Systematics, 2(1), 33–39. https://doi.org/10.35706/sys.v2i1.3450
Munsch, A., & Munsch, P. (2021). The future of API (Application Programming Interface) security: The adoption of APIs for digital communications and the implications for cyber security vulnerabilities. Journal of International Technology and Information Management, 29(3), 24–39. https://doi.org/10.58729/1941-6679.1454
Muntahanah, M., Darmi, Y., & Pinandita, K. (2024). Implementasi perbandingan metode GraphQL dan REST API pada teknologi Node.js. INTECOMS Journal of Information Technology and Computer Science, 7(1), 25–35. https://doi.org/10.31539/intecoms.v7i1.8656
Paryati, P. (2015). Keamanan sistem informasi. Seminar Nasional Informatika (SEMNASIF), 1(4). http://jurnal.upnyk.ac.id/index.php/semnasif/article/download/743/621
Pranata, B. A., Hijriani, A., & Junaidi, A. (2018). Perancangan Application Programming Interface (API) berbasis web menggunakan gaya arsitektur Representational State Transfer (REST) untuk pengembangan sistem informasi administrasi pasien klinik perawatan kulit. Jurnal Komputasi, 6(1), 33–44. https://doi.org/10.23960/komputasi.v6i1.1554
Rozie, A. F. (2022). Analisis keselamatan dan kelayakan penggunaan CNG buffer storage tank berbasis metode residual life assessment. AME (Aplikasi Mekanika dan Energi) Jurnal Ilmiah Teknik Mesin, 8(1), 48–57. https://doi.org/10.32832/ame.v8i1.6194
Saputra, L. A., Akbar, F. M., Cahyaningtias, F., Ningrum, M. P., & Fauzi, A. (2023). Ancaman keamanan pada sistem informasi manajemen perusahaan. Jurnal Pendidikan Siber Nusantara, 1(2), 58–68. https://doi.org/10.38035/jpsn.v1i2.48
Sidabutar, J. (2024). Analisa sistem manajemen keamanan informasi (SMKI) organisasi menggunakan Indeks KAMI. Journal of Information and Technology, 4(2), 50–60. https://doi.org/10.32938/jitu.v4i2.7747
Siriwardena, P. (2014). Advanced API security. Apress. https://doi.org/10.1007/978-1-4302-6817-8
Umar, R., Riadi, I., & Handoyo, E. (2019). Analisis keamanan sistem informasi berdasarkan framework COBIT 5 menggunakan Capability Maturity Model Integration (CMMI). Jurnal Sistem Informasi Bisnis, 9(1), 47–54. https://doi.org/10.21456/vol9iss1pp47-54
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Prosiding Seminar Nasional Ilmu Manajemen Kewirausahaan dan Bisnis
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
