With the advancements in the enterprise-level business development, the demand for new applications and services is overwhelming. For the development and delivery of such applications and services, enterprise businesses rely on Application Programming Interfaces (APIs). In essence, API is a double-edged sword. On one hand, API provides ease of expanding the business through sharing value and utility, but on another hand it raises security and privacy issues. Since the applications usually use APIs to retrieve important data, therefore it is extremely important to make sure that an effective access control and security mechanism are in place , and the data does not fall into wrong hands. In this article, we discuss the current state of the enterprise API security and the role of Machine Learning (ML) in API security. We also discuss the General Data Protection Regulation (GDPR) compliance and its effect on the API security.