Recent advances in Natural Language Processing (NLP) technology have brought highly efficient algorithms that recover complex language structures and their relations. This session will explain how we import the NLP machinery to protect Application Programming Interfaces (APIs) – one of the most growing trends in applications infrastructure. APIs most dominant threats are characterized by business logic attacks, which break the correlation between entities and data objects in the server. To detect these discrepancies, a new approach is required that can efficiently and effectively process large amounts of data, isolate small data pieces, and model the relation between them – structures, hierarchies, sequences, correlations, relationships, associations with entities, and more – a nearly classical NLP problem. We will explain the analogy between the API domain and the language domain by translating API objects and their relation into language elements like words, sentences, conversations, and paragraphs. We will then show how this approach facilitates uncovering the syntax and semantics of the API language, bring to interesting light relations between the ‘API words’ in various contexts, and differentiate between properly structured requests/responses and anomalies that use the wrong hierarchy when requesting data objects. We will explain how this approach can be used to protect APIs in real-time.