Application programming interfaces (APIs) have evolved far beyond simply serving as ingress and egress points for integration of applications and tools. Modern software uses not just an API-first strategy, but an API-centric approach to take advantage of microservices architectures and cloud-native development paradigms. The prevalence of microservices-based applications and cloud-native approaches that use service mesh technologies represent explosive growth in the number of APIs in use throughout the software stack. But securing those APIs from development to production has not kept pace with the evolution of the technology. Security and DevOps professionals share similar concerns about API security.