APImetrics and 42Crunch Collaborate to Close the Loop on API Governance and Compliance

42Crunch and APImetrics offer best-of-breed API security enforcement and API performance and SLA validation.


November 22, 2022, Seattle, WA
APImetrics and 42Crunch are collaborating to offer a holistic view across the API lifecycle and dive deep into the API runtime, providing unparalleled observability of the real-world behavior and security of API products.
Companies can verify that the critical security API properties are enforced and operate as designed and specified when APIs are running in production.

“We are excited to work with 42Crunch to help companies interpret the performance and validate their API security design work at run-time,” said David O’Neill, co-founder and CEO at APImetrics. “The time has come to close the loop between the design time and the level of service at run time and see quality as a continuous end-to-end service.”

“Our Developer-First API security platform uniquely combines a ‘shift-left’ design approach with runtime API security policy enforcement that complements APImetrics,” said Jacques Declas, CEO of 42Crunch. “With the ever-increasing number of APIs that we are securing, we’re delighted to partner with APImetrics to now demonstrate the API security performance and quality of the API service at runtime in accordance with corporate governance policies.”

APImetrics is the leading API-native quality and conformance validation platform that provides a real-time view of production API operations from the perspective of external users.
42Crunch provides end-to-end protection for API developers and security practitioners by providing a platform to automate security into the API development pipeline and giving full visibility and control of security policy enforcement at every stage of the API lifecycle.
The combined solution enables API providers, such as major banks and telecom operators, to shift-left and shield right and ensure that production APIs are delivering operational security and adherence to specifications as designed.

“API providers, especially those in heavily regulated industries, are starting to grasp the need to verify API behavior in production, from the perspective of the end user,” said O’Neill. “Validating that the design is of high quality and secure is a critical part, but what happens the next day, week or month? Enterprises need to have assurance that what was built is what continues to deliver day in and day out. 42Crunch and APImetrics can offer that assurance.”

Moving forward, APImetrics plans to capitalize on its privileged view across the runtime environment to extend its shift-right validation capabilities to ensure that API-native authentication and authorization policies are in force and behaving as expected.
Recent research from API design management provider Stoplight indicated that while 90% of organizations have authentication policies in place, only 31% had confidence that those policies were operating adequately.
Securing APIs requires a comprehensive approach, and having design time, run-time and other critical needs covered will become essential to delivering assurance to users and stakeholders alike.

“We are long past the time when companies could self-certify the compliance of their designs, they now need to be able to prove it to themselves, their customers and regulators,” O’Neill said.

About APImetrics
APImetrics offers the industry’s only intelligent, analytics-driven API performance solution built specifically for the enterprise. By interfacing with current and legacy API protocols, APImetrics helps CIOs, customer success teams, developers, and vendors validate that their APIs perform as designed. Monitoring is supported by analytics and fully customizable downtime alerts to deliver the actionable intelligence needed by the enterprise to meet service level agreements and customer expectations. APImetrics offers cross-cloud monitoring services for some of the largest banks, telecommunications providers and IoT providers in the world. The company is headquartered in Seattle, WA. More information is available at and

About 42Crunch
42Crunch provides continuous API security to protect the digital business. Our unique developer-first API security platform enables developers to build and automate security into their API development pipeline and gives security teams full visibility and control of security policy enforcement throughout the API lifecycle. Deployed by Global 2500 enterprises and over 500,000 developers worldwide, 42Crunch enables a seamless DevSecOps experience to reduce governance costs and accelerate the rollout of secure APIs. Visit to learn more and sign up to the industry’s #1 online API Security community newsletter at

Latest Resources


Review of Major API Security Breaches from H1 2024

In this latest webinar, Anthony Lonergan, reviews some of the most recent high-profile API breaches that occurred in 2024.
Anthony will give a detailed overview of each attack and explain how the different vulnerabilities could be exploited to compromise the companies involved. He then practically demonstrates how companies can remediate against these vulnerabilities order to better protect their APIs.


The Scourge of SQL Injection for APIs

By Anthony Lonergan | June 25, 2024

In a report published in May 2024, cybersecurity firm Eclypsium outlined key vulnerabilities discovered in the F5 Big IP Next device. It’s another sobering reminder of the challenges faced in securing APIs when a highly regarded security company like F5 launches a new flagship product with all-too-familiar vulnerabilities […]


APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.