Computing, IT Systems, and Emerging Technologies Uganda

API Security and Governance Training Course

API ecosystems now expose more business capability, more sensitive data, and more attack paths than most teams can monitor manually, which is why weaknesses in OpenAPI design, OAuth 2.0 controls, and CI/CD enforcement quickly become security, compliance, and reliability problems. API Security and Governance Training is a practical framework for designing, securing, inventorying, and governing APIs across their lifecycle. It enables professionals to identify API risks, apply policy controls, and produce defensible governance artefacts that support audit trails and operational oversight. This course is designed for API security engineers, application security analysts, platform engineers, DevSecOps practitioners, and compliance officers who need to control shadow APIs, define policy guardrails, and communicate risk to technical and leadership audiences. You will work through API inventories, security checklists, governance scorecards, and control maps so you can move from ad hoc protection to evidence-based API Security and Governance that stands up to modern automation pressure and faster release cycles.

Duration: 5 Days
Certificate: Included
Delivery: Instructor-Led
Level: Intermediate

Choose Your Preferred Training Format

Training Options

Reserve Your Spot Today — Pay When You're Ready!

Classroom Training

In-person sessions at premier locations


In-person training at our premier venues — pick a city and date that works for you.

| Location | Duration | Fee | Language |
| --- | --- | --- | --- |
| Nairobi, Kenya | Mon - Fri (5 Days) | USD 1,600 | English |
| Kigali, Rwanda | Mon - Fri (5 Days) | USD 1,900 | English |
| Dubai, United Arab Emirates (UAE) | Mon - Fri (5 Days) | USD 4,100 | English |
| Zanzibar, Tanzania | Mon - Fri (5 Days) | USD 2,400 | English |
| Abuja, Nigeria | Mon - Fri (5 Days) | USD 2,800 | English |
| Addis Ababa, Ethiopia | Mon - Fri (5 Days) | USD 2,400 | English |
| Mombasa, Kenya | Mon - Fri (5 Days) | USD 1,700 | English |
| Cape Town, South Africa | Mon - Fri (5 Days) | USD 3,900 | English |
| Johannesburg, South Africa | Mon - Fri (5 Days) | USD 3,500 | English |
| Kampala, Uganda | Mon - Fri (5 Days) | USD 1,900 | English |
| Pretoria, South Africa | Mon - Fri (5 Days) | USD 3,300 | English |
| Lagos, Nigeria | Mon - Fri (5 Days) | USD 2,500 | English |
| Arusha, Tanzania | Mon - Fri (5 Days) | USD 2,000 | English |
| Dar es Salaam, Tanzania | Mon - Fri (5 Days) | USD 1,900 | English |
| Accra, Ghana | Mon - Fri (5 Days) | USD 3,800 | English |
| Bangalore, India | Mon - Fri (5 Days) | USD 4,200 | English |
| Muscat, Oman | Mon - Fri (5 Days) | USD 4,300 | English |
| Naivasha, Kenya | Mon - Fri (5 Days) | USD 1,700 | English |

Live, instructor-led sessions you can join from anywhere. No start dates are currently listed.

Our instructor comes to your office — same curriculum and accredited certificate, with case studies built around the work your team actually does.

Team Training

Train your entire team together in a familiar environment for better collaboration

Fully Customized

Content tailored to your industry, tools, and specific business challenges

Cost Effective

Save on travel & accommodation costs when training multiple employees

Flexible Scheduling

Choose dates that work best for your team's availability and projects

How It Works

1. Request a Quote: Tell us about your team size, preferred dates, and training goals
2. Get a Custom Proposal: Receive a tailored training plan and competitive pricing within 24 hours
3. We Come to You: Our certified trainer arrives ready to deliver impactful, hands-on training

Ready to upskill your team on API Security and Governance Training?

No commitment required · Response within 24 hours

About the Course

Organizations want API Security and Governance that they can prove, not just describe. That means you need to show disciplined use of OpenAPI, OAuth 2.0, and OWASP API Security Top 10 thinking, plus the ability to maintain an accurate API inventory, enforce policy at the gateway, and document exceptions in a way auditors and platform owners can follow. Without that discipline, shadow APIs, inconsistent authentication, and weak data exposure patterns create avoidable breach risk and operational friction.

This course turns scattered API knowledge into a structured operating model. You will practice API discovery with governance checklists, map controls across design and runtime stages, draft a policy baseline, and build a practical API risk register and governance scorecard. You will also be introduced to threat modeling, rate limiting, schema validation, service mesh control points, and automated scanning approaches at an operational level, while practicing hands-on exercises with inventories, control mappings, and enforcement decisions. This course teaches you how to assess API posture, define controls, and report governance status so you can reduce exposure and improve release discipline. It is especially useful when security, development, and platform teams must align under tight delivery schedules.

Real delivery constraints matter in this field because API environments change quickly, ownership is often distributed, and automated release pipelines can outpace manual review. This course is designed for professionals who must govern APIs under budget pressure, incomplete documentation, and competing priorities across product, engineering, and risk functions.


Target Audience

This course is designed for professionals who already work with APIs and need stronger control over security, policy, and lifecycle governance.

  • API Security Engineer responsible for API threat reduction and control enforcement
  • Application Security Analyst reviewing API vulnerabilities and attack patterns
  • Platform Engineer managing API gateways, service mesh policies, and runtime controls
  • DevSecOps Engineer embedding API checks into CI/CD pipelines
  • Compliance Officer documenting API control evidence and governance exceptions
  • IAM Specialist configuring OAuth 2.0, JWT, and access policy alignment
  • Cloud Security Architect defining guardrails for API exposure across services
  • Product Manager for APIs coordinating governance without slowing releases
  • Software Development Lead standardizing secure API design practices
  • Risk Manager tracking API exposure, ownership, and residual control gaps

Course Objectives

This course equips you to plan, execute, and measure API security and governance initiatives that reduce exposure, strengthen control consistency, and improve audit readiness.

  • Assess API posture using the OWASP API Security Top 10 and an API inventory.
  • Apply OAuth 2.0, JWT, and rate limiting to a defined API threat scenario.
  • Design an OpenAPI-based governance baseline for naming, versioning, and schema validation.
  • Build an API risk register that tracks shadow APIs, ownership gaps, and control exceptions.
  • Evaluate API controls against OWASP guidance, gateway policy rules, and CI/CD checks.
  • Navigate security, product, and compliance requirements for API lifecycle governance.
  • Implement measurable control targets using policy violations, inventory completeness, and review cycle metrics.
  • Synthesize findings into a governance scorecard and executive-ready API risk report.

Requirements & Prerequisites

Recommended prerequisites: working familiarity with web APIs, basic HTTP concepts, and common security controls such as authentication, authorization, and encryption. Prior exposure to OpenAPI, OAuth 2.0, DevSecOps pipelines, or API gateways is helpful but not required. No coding/programming is required for completion, although you should be comfortable reading API specifications and policy documents. Participants should bring a laptop for worksheet-based labs and governance exercises.


Local Application and Business Return in Uganda

How participants can apply the training in local operating conditions, and the return their organisation can plan for.

How participants apply this

Participants apply this course by reviewing API inventories, checking whether each endpoint has an owner, an authentication method, and a logging requirement, and then closing gaps before release. They also use OpenAPI documentation to spot inconsistent permissions, unsafe data exposure, and missing versioning rules. In day-to-day work, that means turning ad hoc API protection into repeatable controls that developers can follow and security teams can verify. Compliance staff can use the same artefacts to track exceptions, approve risk, and evidence control effectiveness.

Expected ROI

Within 6–12 months, organisations typically see fewer avoidable API security defects reaching production because teams catch design and authorization issues earlier. Security and engineering groups spend less time on reactive incident handling and more time on standardised reviews, faster approvals, and clearer exception management. Governance artefacts such as inventories, scorecards, and control maps also make internal audits and management reporting more efficient. The business value is lower breach likelihood, reduced rework, and more predictable delivery for API-enabled products.

Training Methodology

This is a practical, outcome-driven course designed to turn API security and governance aspiration into measurable action and credible reporting.

Methodology includes:

  • Hands-on calculation using an API risk scorecard and discovery dataset.
  • Scenario simulation for a shadow API incident with release and access constraints.
  • Assessment exercise using the OWASP API Security Top 10 checklist.
  • Stakeholder mapping of security, platform, product, and compliance reporting lines.
  • Case study analysis across banking, SaaS, healthcare, and e-commerce APIs.
  • Group workshop to draft an API governance baseline under time limits.
  • Reflection exercise comparing current controls against OWASP guidance and gateway evidence.

Upcoming Sessions

Next available dates worldwide

No international sessions scheduled

Certification

Recognized credentials that advance your career

Participants who complete the API Security and Governance Training Program earn a Trainingcred Certificate of Achievement, demonstrating professional competence and alignment with global standards in learning and development.

NITA Accredited

Accredited by the National Industrial Training Authority, ensuring programs meet nationally recognized standards of quality and relevance.

CPD Certified

Recognized by the CPD Certification Service, ensuring every program meets internationally benchmarked standards of professional excellence.

Why this course earns its place on your CV

Accredited training, practitioner trainers, and peers on the same career track — the three things real expertise is built on.

Effective Learning & Skill Development

  • Build expertise with structured, outcome-driven learning.
  • Equip individuals and teams with skills that grow with industry needs.
  • Reinforce learning through real-world scenarios, case studies and practical exercises.

Career Growth & Professional Advancement

  • Apply what you learn with a proven methodology that ensures lasting impact.
  • Develop immediately usable skills that translate directly into workplace success.
  • Gain the expertise needed for career advancement and leadership roles.

Training Optimization & Learning Excellence

  • Tailor training to industry-specific challenges and organizational goals.
  • Use data-driven insights and automation to enhance training effectiveness.
  • Evaluate progress and ensure long-term learning success.

Tools and platforms relevant to this field

Examples Uganda teams may encounter, and that may be featured in training where they support the confirmed course scope.


These are field-relevant examples, not a promise that every tool will be covered. Exact coverage depends on the confirmed course scope, participant needs, and delivery format.

  • Postman (Postman, Inc.)
    Used to test API requests, validate authentication flows, and inspect responses during development and security review.
  • Burp Suite (PortSwigger)
    Used for intercepting traffic, testing API inputs, and identifying authorization or injection weaknesses.
  • Swagger UI (SmartBear)
    Used to review OpenAPI definitions and verify that API documentation matches intended controls and exposed endpoints.
  • GitHub Actions (GitHub)
    Used to automate security checks and policy gates in the API delivery pipeline.

Real Results from Real Professionals

Thousands of professionals have transformed their careers through our training programs. Now, it's your turn.

Local market advisory

Course relevance for Uganda

A country-specific view of market pressure, regulatory context, and practical business return behind this training.

Why this course matters in Uganda

A market-specific advisory on the operating pressures this course helps teams address.

API Security and Governance Training matters in Uganda because more digital services, integrations, and third-party connections increase the risk that one weak endpoint can expose sensitive data or disrupt operations. For banks, telecoms, insurers, government platforms, and software teams, the practical question is no longer whether APIs exist, but whether they are inventoried, protected, and governed consistently across the release pipeline. This course helps security, engineering, and compliance leaders decide where to enforce controls, how to document them for audit, and how to reduce exposure from shadow or poorly managed APIs. The result is better operational oversight and a stronger basis for risk acceptance, remediation, and board-level reporting.

Shadow API control

Ugandan organisations with fast-moving development teams need an API inventory and governance process so undocumented endpoints do not bypass authentication, logging, and approval controls.

Release-pipeline enforcement

Where digital products are updated frequently, API security has to be built into CI/CD checks rather than left to manual review after deployment.

Audit-ready evidence

Compliance teams benefit when API policies, access decisions, and exceptions are recorded in a form that can support audits, incident reviews, and management oversight.

This training is timely in Uganda because organisations are expanding API-driven digital services while also facing growing expectations for control, traceability, and secure access. That combination makes API governance a practical risk-management capability, not just a technical specialty.

Frequently Asked Questions

Got questions? We've gathered the answers to common queries to help you feel confident and informed.

It is most useful for API security engineers, application security analysts, platform engineers, DevSecOps practitioners, and compliance officers. It also helps product and engineering managers who need a clearer view of API risk and control ownership.

This course focuses on the controls and governance issues that are specific to APIs, such as OpenAPI design, OAuth-based access control, inventory management, and policy enforcement in CI/CD. General application security training often covers these topics only briefly.

Teams should finish with better API inventories, security checklists, governance scorecards, and control maps. Those artefacts help them explain risk, prove oversight, and prioritize remediation.

Yes. The course is designed to create defensible evidence for access control, logging, policy enforcement, and exception handling. That makes it easier to support internal audits and operational reviews.

Trusted by 100+ organizations across 40+ countries

Premier Bank
Amnesty International
UNDT SACCO
UNFPA
USAID
AMREF Health Africa
KENTRADE
CPF
UFIA
UNICEF
Central Bank of Kenya
UNDP
GIZ
Barbours
Bank of Rwanda
RFA
Dahabshil Bank
Dorcas Aid
Finn Church Aid
KCB Foundation
Ministry of Education Saudi Arabia
NSSF Uganda
RBA
Reserve Bank of Malawi
WASREB Kenya
Virginia Commonwealth University