NEWS

APImetrics and 42Crunch Collaborate to Close the Loop on API Governance and Compliance

42Crunch and APImetrics offer best-of-breed API security enforcement and API performance and SLA validation.

 

November 22, 2022, Seattle, WA
APImetrics and 42Crunch are collaborating to offer a holistic view across the API lifecycle and dive deep into the API runtime, providing unparalleled observability of the real-world behavior and security of API products.
Companies can verify that the critical security API properties are enforced and operate as designed and specified when APIs are running in production.

“We are excited to work with 42Crunch to help companies interpret the performance and validate their API security design work at run-time,” said David O’Neill, co-founder and CEO at APImetrics. “The time has come to close the loop between the design time and the level of service at run time and see quality as a continuous end-to-end service.”

“Our Developer-First API security platform uniquely combines a ‘shift-left’ design approach with runtime API security policy enforcement that complements APImetrics,” said Jacques Declas, CEO of 42Crunch. “With the ever-increasing number of APIs that we are securing, we’re delighted to partner with APImetrics to now demonstrate the API security performance and quality of the API service at runtime in accordance with corporate governance policies.”

APImetrics is the leading API-native quality and conformance validation platform that provides a real-time view of production API operations from the perspective of external users.
42Crunch provides end-to-end protection for API developers and security practitioners by providing a platform to automate security into the API development pipeline and giving full visibility and control of security policy enforcement at every stage of the API lifecycle.
The combined solution enables API providers, such as major banks and telecom operators, to shift-left and shield right and ensure that production APIs are delivering operational security and adherence to specifications as designed.

“API providers, especially those in heavily regulated industries, are starting to grasp the need to verify API behavior in production, from the perspective of the end user,” said O’Neill. “Validating that the design is of high quality and secure is a critical part, but what happens the next day, week or month? Enterprises need to have assurance that what was built is what continues to deliver day in and day out. 42Crunch and APImetrics can offer that assurance.”

Moving forward, APImetrics plans to capitalize on its privileged view across the runtime environment to extend its shift-right validation capabilities to ensure that API-native authentication and authorization policies are in force and behaving as expected.
Recent research from API design management provider Stoplight indicated that while 90% of organizations have authentication policies in place, only 31% had confidence that those policies were operating adequately.
Securing APIs requires a comprehensive approach, and having design time, run-time and other critical needs covered will become essential to delivering assurance to users and stakeholders alike.

“We are long past the time when companies could self-certify the compliance of their designs, they now need to be able to prove it to themselves, their customers and regulators,” O’Neill said.

About APImetrics
APImetrics offers the industry’s only intelligent, analytics-driven API performance solution built specifically for the enterprise. By interfacing with current and legacy API protocols, APImetrics helps CIOs, customer success teams, developers, and vendors validate that their APIs perform as designed. Monitoring is supported by analytics and fully customizable downtime alerts to deliver the actionable intelligence needed by the enterprise to meet service level agreements and customer expectations. APImetrics offers cross-cloud monitoring services for some of the largest banks, telecommunications providers and IoT providers in the world. The company is headquartered in Seattle, WA. More information is available at APImetrics.io and API.expert.

About 42Crunch
42Crunch provides continuous API security to protect the digital business. Our unique developer-first API security platform enables developers to build and automate security into their API development pipeline and gives security teams full visibility and control of security policy enforcement throughout the API lifecycle. Deployed by Global 2500 enterprises and over 500,000 developers worldwide, 42Crunch enables a seamless DevSecOps experience to reduce governance costs and accelerate the rollout of secure APIs. Visit https://42crunch.com to learn more and sign up to the industry’s #1 online API Security community newsletter at https://APIsecurity.io.

Latest Resources

WEBINAR

OWASP BOLA, BA, BOPLA: wie man sie finded und behebt

Wir werden verstehen wie die OWASP API Top 3 von Hackern genutzt werden um Daten aus Unternehmen zu stehlen und wie man sie schon während der Implementierung findet und beheben kann.

BLOG

API Security-by-Design in the Age of Agentic AI: How 42Crunch is Refining Defense

By Jacques Declas | September 30, 2025

Agentic AI is reshaping the cyber threat landscape and APIs are fully in the cross-hairs as high-value targets. These intelligent, autonomous attack agents can identify, probe, and exploit API vulnerabilities at machine speed—making traditional, reactive defenses obsolete. In this new environment, organizations need proactive, automated, and deeply integrated […]

DataSheet

APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Secure Your APIs Today

#1 API security platform