One of the major challenges to widespread exposure of APIs and their adoption is the Security around API. APIs essentially are gateway to enterprise backend and assets. Malicious assaults and DDoS attacks are increasingly commonplace for hackers as back-end systems become more accessible through exposed APIs. API Security thus becomes a key concern for enterprises who have embarked upon a Digital Transformation to reach consumers over multitude of devices and channels. This paper would try to explore in detail some of the Threats and Vulnerabilities and Risk Exposure and Business Impact they would have on the businesses in the event such weaknesses are exploited. It will examine some the mitigation strategies, best practices and innovations in the API and its Security designs that are needed to safeguard business assets and its interests. Two particular areas it will focus on the challenges and design of Security in Hybrid Cloud Environment, Microservice Architecture.