Blog post

Hey Mom, Don’t Read This.

(Seriously. Please don’t.)

⏱️ 4–6 min read Topic: API Security

If you’re reading this, you did exactly what I knew you’d do.
Good. Because this is important.

This is about API security.
And no, it’s not “a computer thing.”
It’s a life thing.

You Know When You…

You know when you:

  • Check your bank balance on your phone
  • Order groceries online
  • Track a delivery
  • Log into an app without creating a new password
  • Pay for coffee using your phone

That invisible conversation happening behind the scenes?

That’s an API.

What an API Really Is (No Tech Words)

An API is a messenger.

It’s the thing that:

  • Takes your request
  • Delivers it to the right place
  • Brings back the answer

Think of a Restaurant

  • You = the customer
  • The kitchen = the bank, shop, or company
  • The waiter = the API

You don’t walk into the kitchen and cook your own food.
You tell the waiter what you want.

The waiter:

  • Listens
  • Makes sure the order makes sense
  • Passes it to the kitchen
  • Brings your food back

That’s how the digital world works.

So What Is API Security?

API security is making sure the waiter:

  • Only accepts orders from the right table
  • Doesn’t let one customer change another customer’s order
  • Doesn’t reveal what everyone else ordered
  • Doesn’t serve the same person 500 meals in 5 minutes

Without API security?

Anyone can shout into the kitchen.

Remember When…

Remember when:

  • Banks leaked customer data
  • Ride apps exposed trip histories
  • Health apps exposed medical records
  • Telecom companies leaked phone numbers

Most of the time, it wasn’t someone “hacking” in a movie-style way.

It was an API that:

  • Trusted the wrong request
  • Forgot to check permissions
  • Assumed users would behave

Attackers love assumptions.

Traffic, Because This One Makes Sense

You understand traffic rules:

  • Green light = go
  • Red light = stop
  • Speed limits
  • Restricted roads

APIs need the same rules.

Insecure APIs are like:

  • No red lights
  • No speed limits
  • No license checks
  • Anyone driving anywhere

And then everyone is shocked when there’s a crash.

“But I Use Secure Apps…”

So do millions of other people.
That doesn’t mean the back door is locked.

APIs are the back doors of apps.

Front doors have locks, alarms, cameras.
Back doors are often:

  • Rushed
  • Forgotten
  • Poorly tested

That’s where the real damage happens.

Why You Should Care (Yes, You)

Because APIs handle:

  • Your money
  • Your identity
  • Your location
  • Your health records
  • Your phone number

Every “small request” adds up.

And when an API gets it wrong, the damage is quiet — but massive.

The Part I Really Want You to Read

You always told me:

“Don’t talk to strangers.”

Bad APIs do that all day long.

They say:

“You sound legit.
Sure, go ahead.”

API security is simply teaching systems to say:

“No. Prove it.”

Final Warning

You weren’t supposed to read this.
But now that you did…

Next time an app asks for just one more thing,
or a company says “no passwords were compromised”, remember:

The real conversation happens where you can’t see it.
And that conversation matters.

Hey mom… you can stop reading now.

© 2025 • Written by Rae who is learning in public, building from first principles.