While application programming interfaces (APIs) are nothing new to the legal industry, many organizations’ information security controls may not account for them as much as they should.