Subscribe to the Non-Human & AI Identity Journal

How should security teams prevent BOLA in modern API environments?

Security teams should enforce object-level authorisation inside the application, not at the edge. Every request must be checked against the authenticated subject, the target object, and the transaction context. That approach is essential when valid tokens, clean syntax, and normal endpoints can still be abused to enumerate records or expose data.

Why This Matters for Security Teams

BOLA, also called insecure direct object reference in older guidance, is not primarily a gateway problem. It is an application authorisation failure that appears when the API accepts a legitimate token but does not verify whether that subject may access the specific object being requested. NIST’s NIST Cybersecurity Framework 2.0 treats access control as an enterprise risk issue, but modern API abuse often slips past perimeter controls because the request itself looks valid. That is why object-level checks must live where the object is resolved. When APIs expose predictable identifiers, batch endpoints, or multi-tenant records, a single missing check can turn normal access into broad disclosure. The risk is especially high in service-to-service traffic, where teams assume trusted callers and forget that trusted callers can still be compromised. NHIMG research on The Ultimate Guide to Non-Human Identities shows how often identity sprawl and excessive privilege expand attack paths across modern environments. In practice, many security teams discover BOLA only after routine API behaviour has already exposed records at scale, rather than through intentional testing.

How It Works in Practice

Preventing BOLA starts with binding authorisation to the object and the action, not just the endpoint. Each request should be evaluated against the authenticated subject, the requested object ID, the action being attempted, and any transaction context that changes the decision. That means the application, or a trusted policy layer close to the application, must answer a simple question: can this caller do this thing to this exact object right now?

A practical implementation usually includes:

  • Server-side checks for every object lookup, update, delete, and export action.
  • Policy decisions based on tenant, ownership, role, relationship, and request context.
  • Opaque or unguessable identifiers where possible, but never as a substitute for authorisation.
  • Centralised policy-as-code for consistency across services, such as OPA or Cedar, with request-time evaluation.
  • Negative testing for ID tampering, pagination abuse, bulk enumeration, and cross-tenant access.

For modern API estates, NIST CSF 2.0 is helpful for mapping the control objective, but the mechanics belong inside the application trust boundary. That same principle shows up in NHIMG’s McDonald’s McHire AI Chatbot Default Credentials research, where weak identity and access assumptions created outsized exposure once the system was reachable. The operational lesson is simple: if the API can resolve an object, the API must prove the caller’s right to that object before any data is returned. These controls tend to break down in microservice meshes with shared internal trust, because teams rely on upstream authentication and skip downstream object checks.

Common Variations and Edge Cases

Tighter object-level controls often increase engineering overhead, requiring organisations to balance safety against service complexity and latency. That tradeoff matters because BOLA can surface differently across public APIs, internal APIs, and partner integrations. Current guidance suggests there is no universal standard for how much context an authorisation decision must include, but the minimum is always the same: subject, object, and action.

Common edge cases include:

  • Bulk endpoints that return collections, where one authorised item can hide many unauthorised items.
  • Indirect references, where an API joins across tables or resources and leaks objects through search, filter, or export functions.
  • Shared service accounts, which make it harder to distinguish one caller from another and weaken attribution.
  • Graph-style APIs and nested resources, where permissions on a parent object do not automatically imply rights on child objects.

Teams should also test for over-broad admin paths, because role checks alone often fail when a lower-privilege user can manipulate identifiers to reach privileged data. In environments with federated identity, partner access, or mixed human and machine callers, object-level authorisation must be validated per request rather than assumed from login success. That is especially important when APIs support long-lived tokens or cached decisions, because stale trust creates the exact gap BOLA exploits. In practice, the weakest point is usually not the obvious read endpoint, but the auxiliary action added later for search, export, or support workflows.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10, OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
OWASP Non-Human Identity Top 10 NHI-04 Covers over-privilege and object access issues in machine and service identities.
OWASP Agentic AI Top 10 A2 API object abuse is amplified when agents and tools can invoke actions autonomously.
CSA MAESTRO GOV-03 Agent and service governance requires runtime policy control over object access.
NIST CSF 2.0 PR.AC-4 Least privilege and access enforcement directly map to preventing unauthorized object access.
NIST AI RMF GOV AI and agent workflows need governed access decisions to avoid unauthorized data exposure.

Add request-time authorization checks for every tool action and object reference an agent can reach.