{"id":96199,"date":"2024-06-18T16:20:00","date_gmt":"2024-06-18T16:20:00","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?post_type=learn&#038;p=96199"},"modified":"2025-12-17T16:04:45","modified_gmt":"2025-12-17T14:04:45","slug":"api-management-best-practice-automated-api-security-testing","status":"publish","type":"learn","link":"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/","title":{"rendered":"API Management Best Practice: Automated API Security Testing"},"content":{"rendered":"<div id=\"Title1\" class=\"elementor-element elementor-element-679fe794 scroll-row elementor-widget elementor-widget-text-editor\" data-id=\"679fe794\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n<div class=\"elementor-widget-container\">\n<div class=\"elementor-text-editor elementor-clearfix\">\n<h2 dir=\"ltr\" data-pm-slice=\"1 1 []\" class=\"article-anchor\" id=\"article-anchor-1\"><strong>Navigating The API Security Landscape<\/strong><\/h2>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"elementor-element elementor-element-51f33681 elementor-widget elementor-widget-text-editor\" data-id=\"51f33681\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n<div class=\"elementor-widget-container\">\n<div class=\"elementor-text-editor elementor-clearfix\">\n<p dir=\"ltr\" data-pm-slice=\"1 1 []\">APIs are the name of the game for any company with its sights set on growth and innovation. These application programming interfaces are the interconnected highways of the digital world. They help development teams move quicker and more efficiently to keep up with the speed of businesses.<\/p>\n<p dir=\"ltr\">It\u2019s not unusual for a single developer to use 10 to 15 APIs for each application they build. But what is the API management best practice for organizations with large development teams to document and keep track of hundreds and even thousands of APIs? 
More importantly, how do they prevent API security threats? With everything moving to the cloud, this has become one of the most challenging puzzles of API threat protection. The hard truth is that developers and security teams that want to stay ahead of the API curve can\u2019t do it alone with standard tools. They need help \u2013 and that help is through\u00a0<a href=\"\/product\/api-security\/\">automated API security testing<\/a>.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<div id=\"Title2\" class=\"elementor-element elementor-element-52553606 scroll-row elementor-widget elementor-widget-text-editor\" data-id=\"52553606\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n<div class=\"elementor-widget-container\">\n<div class=\"elementor-text-editor elementor-clearfix\">\n<h2 class=\"article-anchor\" id=\"article-anchor-2\"><\/h2>\n<h2 id=\"data-one\" class=\"article-anchor\">Why APIs Are Inherently Vulnerable<\/h2>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"elementor-element elementor-element-5116ec77 elementor-widget elementor-widget-text-editor\" data-id=\"5116ec77\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n<div class=\"elementor-widget-container\">\n<div class=\"elementor-text-editor elementor-clearfix\">\n<p dir=\"ltr\" data-pm-slice=\"1 1 []\">By their nature,\u00a0<a href=\"https:\/\/checkmarx.com\/resources\/ebooks\/a-guide-to-modern-api-security\/\" data-factors-click-bind=\"false\"><span data-text-color-mark=\"#2E16E6\">APIs are rife with weaknesses and easy targets for attack<\/span><\/a>\u00a0by hackers and criminals. This is not surprising considering APIs account for over 80% of all web traffic today. Yet, developers are quickly pumping out APIs without always paying attention to\u00a0<strong>API security testing<\/strong>. Often, multiple teams work on the same project and contribute to the same API, making the ownership unclear. 
Sometimes developers sprint to get an API into production and forget to create the corresponding documentation. As a result, most APIs are released into production before undergoing any form of\u00a0<strong>API vulnerability testing<\/strong>.<\/p>\n<p dir=\"ltr\">Unfortunately, none of the traditional technological solutions today adequately addresses all of the API security risks outlined in the\u00a0<a href=\"https:\/\/owasp.org\/www-project-api-security\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-factors-click-bind=\"false\"><span data-text-color-mark=\"#2E16E6\">OWASP API Security Top 10 for 2023<\/span><\/a>. Some of these unique vulnerabilities and risks include broken object-level authorization, unrestricted access to sensitive business flows, and improper inventory management. The consequences of ignoring these flaws can be catastrophic. Attackers might attempt to abuse paths for logged-in users, exfiltrate sensitive data by fuzz testing the endpoints, or force the site down using DDoS attacks. In many\u00a0<strong>API attacks<\/strong>, adversaries work under the radar over the course of many months or even years, bypassing traditional security methods and leading to massive losses of data.<\/p>\n<p dir=\"ltr\">However, one of the most vulnerable parts of an API doesn\u2019t get talked about much at all \u2014\u00a0<a href=\"https:\/\/checkmarx.com\/blog\/the-truth-behind-zombie-and-shadow-apis\/\"><strong>hidden APIs<\/strong><\/a>.<\/p>\n<h3 dir=\"ltr\" data-pm-slice=\"1 1 []\">Shadow And Zombie APIs<\/h3>\n<p dir=\"ltr\" data-pm-slice=\"1 1 []\"><em>API sprawl<\/em>\u00a0happens when organizations fail to keep track of which internal and external APIs they are using; the ones that go untracked are known as\u00a0<strong>undocumented APIs<\/strong>. So,\u00a0<a href=\"https:\/\/checkmarx.com\/resources\/\" data-factors-click-bind=\"false\">how to find undocumented APIs<\/a>? It\u2019s not easy. 
With so many in use, managing inventories and corresponding documentation can become overwhelming.<\/p>\n<p dir=\"ltr\">Sometimes an API is developed and deployed without an application, but it\u2019s never actually used. The result is a\u00a0<em>zombie API<\/em>. In other cases, an API is quickly built to address a business need, outside of official processes and governance. These are called\u00a0<strong><em>shadow APIs<\/em><\/strong>. Neither kind is properly documented or decommissioned, leaving an exposed attack surface. Finding these\u00a0<strong>hidden APIs<\/strong>\u00a0requires a special approach that is not normally built into typical\u00a0<strong>API security solutions<\/strong>.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<div id=\"Title3\" class=\"elementor-element elementor-element-39eafa9d scroll-row elementor-widget elementor-widget-text-editor\" data-id=\"39eafa9d\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n<div class=\"elementor-widget-container\">\n<div class=\"elementor-text-editor elementor-clearfix\">\n<h2 dir=\"ltr\" data-pm-slice=\"1 1 []\" class=\"article-anchor\" id=\"article-anchor-3\"><\/h2>\n<h2 dir=\"ltr\" data-pm-slice=\"1 1 []\" class=\"article-anchor\" id=\"article-anchor-4\">Limitations Of Traditional API Security Testing<\/h2>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"elementor-element elementor-element-37f5acb9 elementor-widget elementor-widget-text-editor\" data-id=\"37f5acb9\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n<div class=\"elementor-widget-container\">\n<div class=\"elementor-text-editor elementor-clearfix\">\n<p dir=\"ltr\" data-pm-slice=\"1 1 []\">Most of the traditional\u00a0<strong>API security platforms<\/strong>\u00a0in use today, including web application firewalls (WAFs), API gateways and load balancers, are unable to get the job done.<\/p>\n<p dir=\"ltr\" data-pm-slice=\"1 1 []\">The overall problem is that these solutions are only scanning APIs that are live at 
the end of the code lifecycle. Additionally, WAFs and gateways are largely run on signature-based rules that are designed to catch known attack patterns.<\/p>\n<p dir=\"ltr\" data-pm-slice=\"1 1 []\">Rules can\u2019t be configured for unknown vulnerabilities or zero-day bugs. And what about the security vulnerabilities and weaknesses that cannot be seen \u2014 like the zombies and shadows that are undocumented and do not use live traffic but are still an open attack surface? The reality is that many APIs are going into production outside of the purview of security frameworks.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<div id=\"Title4\" class=\"elementor-element elementor-element-4b024747 scroll-row elementor-widget elementor-widget-text-editor\" data-id=\"4b024747\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n<div class=\"elementor-widget-container\">\n<div class=\"elementor-text-editor elementor-clearfix\">\n<h2 class=\"article-anchor\" id=\"article-anchor-5\"><\/h2>\n<h2 id=\"data-one\" class=\"article-anchor\">Introducing API Security Testing Automation<\/h2>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"elementor-element elementor-element-4b76bd54 elementor-widget elementor-widget-text-editor\" data-id=\"4b76bd54\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n<div class=\"elementor-widget-container\">\n<div class=\"elementor-text-editor elementor-clearfix\">\n<p dir=\"ltr\" data-pm-slice=\"1 1 []\">Piling all these issues onto the plate, it\u2019s easy to see why even the most astute developers and AppSec teams can\u2019t keep up with the growth of APIs without\u00a0<strong>automated API security tools<\/strong>.<\/p>\n<p dir=\"ltr\" data-pm-slice=\"1 1 []\">Forward-thinking API security testing and monitoring tools like\u00a0Checkmarx One\u00a0use a holistic solution that spans the whole lifecycle of the API \u2014 not just one little part of it.<\/p>\n<p dir=\"ltr\" data-pm-slice=\"1 1 []\">This \u201cshift left\u201d 
approach starts with\u00a0<strong>API vulnerability scanning tools<\/strong>\u00a0in the development stage, where fixes are cheaper and easier, so that problems are caught before they reach production.<\/p>\n<p dir=\"ltr\" data-pm-slice=\"1 1 []\">It also takes into account API documentation, ensures compliance, and finds hidden APIs.<\/p>\n<p dir=\"ltr\" data-pm-slice=\"1 1 []\">These\u00a0<strong>API security testing automation<\/strong>\u00a0tools also integrate with other tools (like static and dynamic code analysis) to provide continuous monitoring throughout the entire lifecycle.<\/p>\n<p>Learn more about\u00a0<a href=\"\/resources\/whitepapers\/the-checkmarx-approach-to-api-security\/\" data-factors-click-bind=\"false\"><span data-text-color-mark=\"#2E16E6\">automated API security solutions<\/span><\/a>\u00a0provided by experts like Checkmarx, and see how it all works:<\/p>\n<ol>\n<li dir=\"ltr\">\n<strong>Design<\/strong>: All API documentation (Swagger, RAML files, etc.) is scanned before developers start coding to ensure that security is added to this process.<\/li>\n<li dir=\"ltr\">\n<strong>Coding<\/strong>: Scanning is integrated into the tools developers are already using, so there is no need to work with yet another dashboard. Developers can run a scan at any time using the CLI, getting prioritization suggestions and guided remediation.<\/li>\n<li dir=\"ltr\">\n<strong>Check-in<\/strong>: Source code is scanned again at check-in or code merge, and findings are aggregated for a full API inventory. 
The inventory is cross-referenced against the API documentation to make sure no zombie or\u00a0<strong>shadow APIs<\/strong>\u00a0were missed.<\/li>\n<li dir=\"ltr\">\n<strong>Build<\/strong>: Once in the CI\/CD pipeline, the\u00a0<strong>API security management<\/strong>\u00a0system sends developers and AppSec teams updates on flaws, and automatically opens tickets (closing them when resolved).<\/li>\n<li dir=\"ltr\">\n<strong>Deploy<\/strong>: Deployments are secured using infrastructure as code. Common IaC files are parsed to detect insecure configurations that could expose APIs.<\/li>\n<\/ol>\n<p dir=\"ltr\">The Checkmarx One\u00a0<a href=\"https:\/\/checkmarx.com\/resources\/\">API security solution<\/a> doesn\u2019t just scan individual APIs in isolation but looks at them within the context of each other and the entirety of the source code \u2014 exactly the way an attacker does.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<div id=\"Title5\" class=\"elementor-element elementor-element-1cc452e5 scroll-row elementor-widget elementor-widget-text-editor\" data-id=\"1cc452e5\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n<div class=\"elementor-widget-container\">\n<div class=\"elementor-text-editor elementor-clearfix\">\n<h2 class=\"article-anchor\" id=\"article-anchor-6\"><\/h2>\n<h2 id=\"data-one\" class=\"article-anchor\">Peace Of Mind With End-To-End API Protection<\/h2>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"elementor-element elementor-element-6ff86fc9 elementor-widget elementor-widget-text-editor\" data-id=\"6ff86fc9\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n<div class=\"elementor-widget-container\">\n<div class=\"elementor-text-editor elementor-clearfix\">\n<p dir=\"ltr\" data-pm-slice=\"1 1 []\">Developers can\u2019t handle\u00a0<strong>API security management<\/strong>\u00a0alone if they want to continue working fast and scaling up. 
They also can\u2019t rely on current solutions that focus on live traffic that will miss hidden APIs and problems with documentation. The Checkmarx One\u00a0<strong>API security platform<\/strong>\u00a0offers a complete holistic approach, spanning the entire SDLC. It provides the assurance that security touchpoints are doing what humans can\u2019t. To find out why automation is AppSec\u2019s best friend when it comes to\u00a0<strong>API protection<\/strong>, visit the\u00a0<a href=\"\/product\/api-security\/\" data-factors-click-bind=\"false\"><span data-text-color-mark=\"#2E16E6\">Checkmarx One page on API security<\/span><\/a>.<\/p>\n<\/div>\n<\/div>\n<\/div>","protected":false},"author":84,"featured_media":92350,"parent":0,"menu_order":0,"template":"","meta":{"_acf_changed":false,"footnotes":""},"learn-cat":[851],"class_list":["post-96199","learn","type-learn","status-publish","has-post-thumbnail","hentry","learn-cat-api-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>API Management Best Practice: Automated API Security Testing<\/title>\n<meta name=\"description\" content=\"Adopt best practices in API management: Automate security against shadow &amp; zombie APIs, tackle OWASP top 10 risks &amp; ensure secured API lifecycle\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"API Management Best Practice: Automated API Security Testing\" \/>\n<meta property=\"og:description\" content=\"Adopt best practices in API management: Automate security against shadow &amp; zombie APIs, tackle OWASP top 10 
risks &amp; ensure secured API lifecycle\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-17T14:04:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/API-Management-Best-Practice_Automated-API-Security-Testing-v2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1792\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/\"},\"author\":{\"name\":\"Avi Hein\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/3546917fa0246ce4d997275a745acd79\"},\"headline\":\"API Management Best Practice: Automated API Security 
Testing\",\"datePublished\":\"2024-06-18T16:20:00+00:00\",\"dateModified\":\"2025-12-17T14:04:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/\"},\"wordCount\":1096,\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/API-Management-Best-Practice_Automated-API-Security-Testing-v2.jpg\",\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/\",\"url\":\"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/\",\"name\":\"API Management Best Practice: Automated API Security Testing\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/API-Management-Best-Practice_Automated-API-Security-Testing-v2.jpg\",\"datePublished\":\"2024-06-18T16:20:00+00:00\",\"dateModified\":\"2025-12-17T14:04:45+00:00\",\"description\":\"Adopt best practices in API management: Automate security against shadow & zombie APIs, tackle OWASP top 10 risks & ensure secured API 
lifecycle\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/API-Management-Best-Practice_Automated-API-Security-Testing-v2.jpg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/API-Management-Best-Practice_Automated-API-Security-Testing-v2.jpg\",\"width\":1792,\"height\":1024,\"caption\":\"API Security hero image\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/u
ser\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/3546917fa0246ce4d997275a745acd79\",\"name\":\"Avi Hein\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_84.png\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_84.png\",\"caption\":\"Avi Hein\"},\"url\":\"https:\/\/checkmarx.com\/author\/avihein\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"API Management Best Practice: Automated API Security Testing","description":"Adopt best practices in API management: Automate security against shadow & zombie APIs, tackle OWASP top 10 risks & ensure secured API lifecycle","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/","og_locale":"en_US","og_type":"article","og_title":"API Management Best Practice: Automated API Security Testing","og_description":"Adopt best practices in API management: Automate security against shadow & zombie APIs, tackle OWASP top 10 risks & ensure secured API 
lifecycle","og_url":"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_modified_time":"2025-12-17T14:04:45+00:00","og_image":[{"width":1792,"height":1024,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/API-Management-Best-Practice_Automated-API-Security-Testing-v2.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@checkmarx","twitter_misc":{"Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/"},"author":{"name":"Avi Hein","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/3546917fa0246ce4d997275a745acd79"},"headline":"API Management Best Practice: Automated API Security Testing","datePublished":"2024-06-18T16:20:00+00:00","dateModified":"2025-12-17T14:04:45+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/"},"wordCount":1096,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/API-Management-Best-Practice_Automated-API-Security-Testing-v2.jpg","inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/","url":"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/","name":"API Management Best 
Practice: Automated API Security Testing","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/API-Management-Best-Practice_Automated-API-Security-Testing-v2.jpg","datePublished":"2024-06-18T16:20:00+00:00","dateModified":"2025-12-17T14:04:45+00:00","description":"Adopt best practices in API management: Automate security against shadow & zombie APIs, tackle OWASP top 10 risks & ensure secured API lifecycle","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/learn\/api-security\/api-management-best-practice-automated-api-security-testing\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/API-Management-Best-Practice_Automated-API-Security-Testing-v2.jpg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/API-Management-Best-Practice_Automated-API-Security-Testing-v2.jpg","width":1792,"height":1024,"caption":"API Security hero image"},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. 
We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/3546917fa0246ce4d997275a745acd79","name":"Avi Hein","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_84.png","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_84.png","caption":"Avi 
Hein"},"url":"https:\/\/checkmarx.com\/author\/avihein\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/learn\/96199","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/learn"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/learn"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/84"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/learn\/96199\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/92350"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=96199"}],"wp:term":[{"taxonomy":"learn-cat","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/learn-cat?post=96199"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}