To connect devices with each other and the Internet, developers rely on application programming interfaces (APIs) that specify the intended behavior of the device without revealing how it works. Connected devices are now commonplace, so it's no wonder that securing exposed APIs has risen in importance when protecting against data breaches. In this talk, the author will describe the basics of API security, and give an example of his recent run-in with a weakly secured API (that made headlines)!