Vendor Management: Assessing API Security Risks