# API Security Policies API Security policies identify security weaknesses in APIs that may expose applications to unauthorized access or data leakage. The policies focus on configuration and design issues in API definitions and implementations, helping teams detect risks early as APIs become a critical interface for applications and services. The article describes the policies in this category, configuration options, and the impact of policy violations. For an overview of policies and policy management, see the [Policies ](https://docs.ox.security/ox-policies)article.
## View and manage API Security policies Open each policy to view the business impact and optional settings.
API security issue **Purpose:** Detects misconfigurations and security weaknesses in APIs in source code (not in runtime/cloud-deployed environments). Examples are insecure endpoints or insufficient access controls. **Business impact:** Security lapses in APIs can allow attackers to access data, bypass authorization, or disrupt services. As organizations rely more heavily on APIs for integration and functionality, unresolved API security issues can lead to widespread data exposure and system compromise.
SettingDescriptionDefault
ON/OFF (toggle)Enable/disable the policy.ON
Show issues of severity (dropdown)Limits which severities appear as issues.All (including Info)
Ignore Application Business Priority for severity calculation (checkbox)When enabled, severity is not adjusted based on application priority.

OFF


OpenAPI security issue **Purpose:** Validates OpenAPI specifications to identify misconfigurations, insecure definitions, and gaps in authentication or access control. **Business impact:** Misconfigured OpenAPI definitions can expose sensitive endpoints or weaken security controls, increasing the risk of unauthorized access and data breaches. As OpenAPI specifications often drive API implementation and client behavior, security gaps at this level can propagate across services and amplify overall system risk.
SettingDescriptionDefault
ON/OFF (toggle)Enable/disable the policy.ON
Show issues of severity (dropdown)Limits which severities appear as issues.All (including Info)
Ignore Application Business Priority for severity calculation (checkbox)When enabled, severity is not adjusted based on application priority.

OFF


## View policy issues 1. Open the Active Issues page. 2. Use the **Category** filter and select the policy category to view related active issues. 3. Use the **Policy** filter to narrow the list to a specific policy. 4. Apply the Category and Policy filters separately or together, depending on how specific you want the results to be. 5. Use the search box to refine results, such as filtering by file name, keyword, or rule identifier. ## Create or save policy profiles When you change a policy’s severity, ON/OFF toggle or any other setting, you must save the current profile or create a new one. * To save the current profile, click **SAVE** in the page header. * To create a new profile, click **SAVE AS** in the page header. For instructions, see the section [Create or edit policy profiles ](https://open-2c.gitbook.com/url/preview/site_RHimt/~/revisions/esBak1HVuTgsCEeNbzHE/policies?theme=light#create-or-edit-policy-profiles)in the [Policies ](https://docs.ox.security/ox-policies/policies)article.