Business Risk Analytics for API-Driven Digital Platforms: Measuring Mass Assignment Exposure in Developer Workflows

Main article

Ananya Nair
Department of Business Analytics, University of Mysore, Mysuru 570006, Karnataka, India
Vivek Menon
Department of Computer Applications, University of Calicut, Malappuram 673635, Kerala, India
Rajeev Thomas*
Department of Management Studies, Cochin University of Science and Technology, Kochi 682022, Kerala, India
rajeev.thomas@cusat.ac.in

DOI: https://doi.org/10.63646/EUCD6494

Abstract

API-driven digital platforms transform business processes into programmable services, but they also expose sensitive workflow states through request-response interfaces. Mass assignment exposure occurs when a server binds user-supplied fields directly to internal model objects without adequate field-level control, allowing unauthorized changes to roles, balances, ownership, verification states, or workflow status. This study develops a business risk analytics framework for measuring such exposure in developer workflows. The proposed Mass Assignment Exposure Index combines static indicators such as direct entity binding, sensitive-field setters, validation gaps, deserializer tolerance, cascade propagation, and service-layer copy logic with dynamic evidence from schema-aware injection tests. The Workflow Business Risk Score then weights exposure by asset value, identity sensitivity, regulatory impact, and remediation friction. A numerical evaluation based on three benchmark project classes and eight high-risk endpoint candidates shows that hybrid analytics reduces immediate actionability from eight static candidates to three confirmed high-impact exposures while preserving a backlog for fragile designs. Scenario analysis indicates that a hybrid risk policy prevents confirmed exposure without the workflow disruption produced by a static-only gate. The findings contribute to business and data analytics by converting API security telemetry into decision-oriented risk measures for release governance, internal audit, and platform control design.

Article details