42Crunch Adds Self Registration and Low-cost Tiers to API Security Platform

42Crunch Democratizes API Security by Adding Self Registration, Free and Low-Cost Tiers to Their Comprehensive API Security Platform


SAN FRANCISCO, FEBRUARY 25, 2020 — Today at the RSA Conference, API security leader and creator of the industry’s first API Firewall – 42Crunch – announced the launch of its new self-registration feature for their API Security Platform. Development, security and operations teams now have instant access to a comprehensive set of API security tools that easily integrate into existing workflows and enable an agile DevSecOps process.

APIs are growing at an exponential rate: not only are they the backbone of any application, but microservices architecture imply exposing internal APIs for every microservice or group of microservices. The average number of APIs to protect within an enterprise is nearing 500, and Gartner is predicting that by 2022 APIs will become the most common attack vector. Unfortunately, API security is very complex and often considered too late in the process.

A shift left approach is required to ensure security is addressed as early as possible in the design phase – enabling the needed DevSecOps process to deliver security and protection throughout the entire API lifecycle. 42Crunch has made this easy by creating a platform based around the industry standard OpenAPI Specification, and now opening it to the public with self-registration to continue their mission of providing the most comprehensive tools for implementing API security best practices.

“APIs are becoming one of the primary attack vectors, yet, API security remains confusing and most solutions out there are incomplete expensive platforms requiring talking to an enterprise sales person to get started” says Jacques Declas, CEO and Founder of 42Crunch. “We believe that no API, private or public, should be deployed without being audited and scanned at design-time and automatically protected at run-time. Our new self-signup option, free tier, and low-cost subscription options let DevOps and Security teams work seamlessly together to Secure all their APIs in real time throughout the API lifecycle!”

“It was the simplicity and low learning curve of REST APIs that led to the explosive growth of the API economy in the last decade.” says Alexei Balaganski, Lead Analyst at KuppingerCole Analysts AG. “However, for the same reasons modern APIs are so difficult to protect against exploits and data breaches. Making proactive security an integral part of the API lifecycle is crucial to be able to develop distributed applications and services resilient against cyberattacks; having guidance and best practices, as well as convenient tools available at developers’ disposal is how the journey towards this goal starts.”

“42Crunch has been doing a great job addressing the former with their API Encyclopedia for quite some time already.” continues Alexei. “Today’s announcement to make the entirety of their API security platform accessible to every developer marks another important step towards making API security as ubiquitous as APIs themselves.”

The new self-registration feature provides instant access to the security tools in the 42Crunch API Security Platform – allowing teams to deliver security across the entire API lifecycle:

  • AUDIT: Run 200+ check security audit of the OpenAPI specification definition with detailed security scoring to help developers define and strengthen API contract.
  • SCAN: Scan live API endpoints to discover potential vulnerabilities and discrepancies of the API implementation against the API contract.
  • PROTECT: Launch service to protect APIs and apply policies that can be deployed in our lightweight, low-latency micro API firewall.


42Crunch API Security Platform Dashboard


42Crunch API Security Platform Audit Report


42Crunch API Security Platform Conformance Scan


42Crunch API Security Platform Protection Dashboard


42Crunch offers a basic free-forever account and tiered pricing based on the number of APIs, users, and API call volume. Sign up for an account today at:

Last year they launched an OpenAPI (Swagger) Editor for VS Code as part of an overall strategy to simplify and automate API security. The extension has been well received with a 5 star rating, and more than 39,000 downloads. You can download it for free

Learn more about the 42Crunch API Security Platform

About 42Crunch
42Crunch bridges the gap between API development, security and operations teams with a simple, automated platform that provides auditing, live endpoint scanning, and micro API firewall protection. Unlike other solutions on the market, the 42Crunch platform empowers development, security and operations teams with a set of integrated tools to easily build security into the foundation of the API and enforce those policies throughout the API lifecycle. By delivering security as code you enable a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing integrity and protect businesses against API threats. To learn more visit:

Latest Resources


Something Old, Something New – OWASP API Security Top 10 in 2023

42Crunch’s Colin Domoney takes a look at the new OWASP API Security 2023 listing, identifying which vulnerabilities are new, which have not changed and which have been removed.


How to Embed API Security Testing into the Development Lifecycle without Delaying Production Rollout

By Mark Dolan | September 19, 2023

This is the first in a 3-part series of blogs exploring how 42Crunch assists enterprises with API security compliance. In her seminal blogpost, “Shifting Security to the Left” Shannon Lietz explains how including security testing earlier in the development lifecycle makes for longer-lived and more resilient software. The principles she advocates for are also what guides us at 42Crunch..


APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.