It was the wild west in the early days of RESTful APIs. Unlike with SOAP and the Web Services Description Language (WSDL), developers had no standard specification for documenting their APIs so that consumers would know how to invoke the various operations. Documenting an API was done manually, in ad hoc ways. To address this shortcoming, several competing specifications appeared, and after several years the most widely adopted has been Swagger, now called OpenAPI. With this new de facto standard, can the security posture of APIs be improved? The answer is yes! This session will present a practical solution where new APIs under development can be made highly resistant to attack by leveraging the Swagger/OpenAPI specification.