This document discusses the need for a holistic approach to API security as APIs have become more widely used. It notes that API security needs to evolve from established perimeter security models to new models to account for blurred perimeters from APIs. The document advocates considering all aspects of API security including authentication, authorization, integrity, confidentiality, availability, auditability and more. It also stresses that the right infrastructure is needed and that a one-size-fits-all approach does not work given differences in APIs. The document promotes securing APIs through the entire development lifecycle from design to deployment using a Sec-Dev-Ops model with collaboration between teams.