Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Defending APIs
Defending APIs

Defending APIs: Uncover advanced defense techniques to craft secure application programming interfaces

eBook
€17.99 €26.99
Paperback
€33.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
Table of content icon View table of contents Preview book icon Preview Book

Defending APIs

What Is API Security?

A frequently quoted view is that there is no such thing as API security; it’s just an evolution of application security we have been practicing for the last two decades. However, I believe that it is a discrete and important discipline. Join me on the journey into API security.

APIs are the backbone of a modern digital economy, allowing the exchange of critical data and the interconnectivity of different systems. APIs are the fuel that have fired digital innovation for the last decade. Given the critical role of APIs in our digital world, it is vital that they are secure. This chapter sets out the foundational concepts of APIs, particularly in relation to security.

In this chapter, we will examine exactly what is meant by API security and understand the key elements of this exciting and emerging security domain, covering topics such as the following:

  • The importance of API security
  • Understanding the basics of APIs
  • API data formats
  • Elements of API security and API security goals

Why API security is important

The Open Web Application Security Project (OWASP) published its first OWASP API Security Top 10 list in December 2019, and since then, the API security community has grown rapidly, with API security start-ups attracting significant investment and increasing interest from developers and security practitioners alike to learn resources on the topic. Unfortunately, during this period, there has also been a marked rise in the number of security incidents relating to insecure APIs. Recent analysis suggests a 681% rise in API attacks and that nearly one in two organizations has experienced a security incident related to APIs.

In a way, APIs are a victim of their own success – because of their rapid proliferation and the high economic value of the data they protect, they are now the most popular target for attackers.

We’ll now have a look at the so-called API economy and how the near-exponential growth in the number of APIs creates challenges for organizations as they become the favorite vector for attackers.

The growth of the API economy

To fully appreciate the importance of API security, let us first consider the growth of the so-called API economy. Let’s understand a bit more about what is meant by this term – Forbes defines an API economy as “an enabler for turning a business or organization into a platform.” A platform can leverage APIs to do the following:

  • Provide services and data to consumers for a price
  • Consume services and data from other providers to enhance your business

What is the API economy?

The API revolution has led to the emergence of API-first businesses such as Twilio and has allowed other organizations to expose their core offerings via APIs (Google Maps is a good example). The disruptive nature of the API economy is best seen in the financial services industry – typically, this has been an industry resistant to innovation due to regulatory and compliance requirements. By using APIs to expose selected core services, banks can embrace new models without disrupting their core IT systems. By adopting open standards that can be certified – such as the Open Banking API – banks can achieve interoperability while ensuring transactional integrity. The online money transfer service Wise uses APIs to provide B2B and B2C services and offers banking-as-a-service (BaaS) to third parties by renting out their APIs.

Advantages of an API economy

There are several key benefits to an API economy:

  • Reduced time-to-market: Organizations can use APIs to consume services from third parties rather than having to create those services themselves, resulting in faster development life cycles.
  • Drive value: Organizations can expose new and innovative services using APIs and open new markets.
  • Competitive advantage: By getting to market faster and using APIs to drive innovation, adopters can increase their competitive advantage.
  • Improved efficiency: APIs allow IT teams to deliver immediate value by exposing APIs, rather than having to build and deploy mobile or web applications.
  • Security: Mobile and web applications expose a vast attack surface to adversaries. By focusing development on APIs, this attack surface can be reduced and focus given to the hardening and security of these APIs.

API adoption allows organizations to deliver more value and functionality while simultaneously reducing cost and time to market.

The scale of the API economy

It is difficult to provide an accurate estimation of the scale of an API economy, and even if it was possible, this estimate would soon be invalidated due to the nearly exponential growth of the space. The API community at Nordic APIs (https://nordicapis.com/20-impressive-api-economy-statistics/) has produced a survey on the scale of the API economy; the following are some headline figures:

  • Over 90% of developers use APIs
  • The popular API test platform Postman has over 46 million API collections
  • 83% of all internet traffic belongs to APIs
  • There are over 2 million API GitHub repositories
  • The API management market is valued at $5.1 billion in 2023
  • 93% of communication service providers use OpenAPI specifications
  • 91% of organizations have had an API security incident

On the back of a growing API economy, major capital investment has poured into the market for API tool vendors, management platforms, and security tools.

Challenges to an API economy

The rapid adoption of APIs brings with it several challenges in addition to the benefits. The first challenge is that of inventory — because APIs can be easily built and deployed and have a finite lifetime, organizations are struggling to keep track of their API inventory, resulting in shadow (hidden) and zombie (outdated) APIs.

The second challenge is that of governance — as APIs proliferate, organizations face challenges with governing the development and deployment process, ensuring that data and privacy requirements are met and that the API life cycle is managed from cradle to grave.

The biggest challenge, however, is that of security. As noted earlier in this section, APIs can reduce an organization’s overall attack surface; however, this comes at the cost of a new security paradigm – APIs are a new attack surface, and the threats are different. In the next section, we’ll explore these security challenges in more detail.

APIs are popular with developers

Developers love APIs — nearly all developers work with APIs and nearly all modern architectures are API-centric. While containerization has driven the breakdown of the monolith and the emergence of microservices, it is APIs that form the connecting tissue between these services.

The benefit of APIs to developers are numerous, including the following:

  • They form an abstraction between services and allow encapsulation of functionality.
  • They define a clear interface via an OpenAPI specification that serves as a contract for the API.
  • They allow a truly polyglot environment where different APIs can be implemented in the most suitable programming language for the task at hand.
  • They simplify data exchange as APIs generally use JSON, XML, or YAML.
  • They facilitate ease of testing, using tools such as Postman or tools that can validate API functionality against the OpenAPI Specification.
  • They propel ease of development. The API development ecosystem is rich with powerful tooling for the development and testing of APIs. Moreover, fully featured API frameworks exist for most modern programming languages.

These factors have fueled the API-first paradigm where applications are built in a bottom-up approach, starting with the APIs, then the business logic, and the user interface (UI) last.

APIs are increasingly popular with attackers

While APIs are undoubtedly popular with developers, they are even more popular with attackers. Gartner reports that APIs are the number one attack vector for cybercriminals in 2022, and barely a week goes by without an API breach or vulnerability being disclosed.

There are several key reasons why APIs are a favored attack target:

  • APIs are likely to be publicly accessible: By their nature, APIs are intended to be interconnected with other systems, requiring them to be exposed on public networks. This facilitates easy discovery and attack by adversaries.
  • APIs are often well documented: To aid easy adoption and integration, good APIs should be documented using tools such as the Swagger UI. Unfortunately, such documentation can also be invaluable to attackers in understanding how the APIs work.
  • API attacks can be automated: API interaction is headless (not requiring a UI or human interaction) and can easily be automated with scripts or dedicated attack tools. APIs are, in many cases, easier to attack than mobile or web applications.
  • APIs expose valuable data: Most importantly, APIs are designed to allow access to key data assets (PII, financial, or market data), which are likely to be the highest prize for an attacker. Attackers increasingly attack APIs that inadvertently expose excessive data or allow mass exfiltration, which might not be the case with a well-crafted UI.

Your existing tools do not work well for APIs

The relatively recent emergence of APIs as the de facto conduit for application connectivity poses significant challenges to security teams and testers. Much of the existing application security (AppSec) tooling that exists was designed in an era when web applications were the primary asset to be protected. Common security tools such as static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) are far less effective in assessing APIs than they are with web or mobile applications.

Traditional perimeter protections such as network firewalls or web application firewalls (WAFs) are ineffective in protecting APIs, since they lack the context of the API interface and the expected request and response traffic. Such tools tend to be high in both false positives and false negatives.

More modern API technologies, such as API management portals (APIMs) and gateways, are essential for the operation of APIs at scale, but while they do provide security features, they do not address all attack vectors.

The key takeaway is that while tools are important as part of a defense strategy, they need to be augmented by solid defensive design and coding techniques — this is the focus of the final section of this book.

Developers often lack an understanding of API security

It is important to understand why insecure code exists in the first place if we want to address the problem.

Developers are, by nature, creative problem solvers who thrive on a challenge – unfortunately, this leads them to be over-optimistic, which can lead them to take shortcuts and optimizations, or perhaps work to unrealistic delivery schedules. This is so-called happy path coding, where developers do not fully appreciate how their code could fail or be misused by an attacker, sometimes with dire consequences.

Coupled with over-optimism is a sense of over-confidence – developers will assume they fully understand a problem but may be unaware that they are missing some crucial detail or subtlety, which again can have adverse effects. An example is the adoption of a new API framework and not carefully considering the default settings and deploying a vulnerable product.

Developers will often have a misplaced sense that bad things only happen to other people and not them. Despite witnessing examples of well-known breaches, many developers believe they will never fall victim to a similar misfortune. This general phenomenon is known as the schadenfreude effect.

The development process can be stressful with constant pressure to deliver to schedule, and this can result in compromising full implementation in favor of meeting deadlines. For example, this can include the omission of error handling code or data validation with the intent of coming back to implement them in later releases. With time pressures, this rarely happens, and code is often left in an incomplete state.

Often, developers inherit a code base to maintain that may contain significant technical debt or legacy code. Without a full understanding of the system and its complexities and foibles, developers may be disinclined to make changes to the code base in case they break functionality.

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Develop a profound understanding of the inner workings of APIs with a sharp focus on security
  • Learn the tools and techniques employed by API security testers and hackers, establishing your own hacking laboratory
  • Master the art of building robust APIs with shift-left and shield-right approaches, spanning the API lifecycle
  • Purchase of the print or Kindle book includes a free PDF eBook

Description

Along with the exponential growth of API adoption comes a rise in security concerns about their implementation and inherent vulnerabilities. For those seeking comprehensive insights into building, deploying, and managing APIs as the first line of cyber defense, this book offers invaluable guidance. Written by a seasoned DevSecOps expert, Defending APIs addresses the imperative task of API security with innovative approaches and techniques designed to combat API-specific safety challenges. The initial chapters are dedicated to API building blocks, hacking APIs by exploiting vulnerabilities, and case studies of recent breaches, while the subsequent sections of the book focus on building the skills necessary for securing APIs in real-world scenarios. Guided by clear step-by-step instructions, you’ll explore offensive techniques for testing vulnerabilities, attacking, and exploiting APIs. Transitioning to defensive techniques, the book equips you with effective methods to guard against common attacks. There are plenty of case studies peppered throughout the book to help you apply the techniques you’re learning in practice, complemented by in-depth insights and a wealth of best practices for building better APIs from the ground up. By the end of this book, you’ll have the expertise to develop secure APIs and test them against various cyber threats targeting APIs.

Who is this book for?

This book is for application security engineers, blue teamers, and security professionals looking forward to building an application security program targeting API security. For red teamers and pentesters, it provides insights into exploiting API vulnerabilities. API developers will benefit understanding, anticipating, and defending against potential threats and attacks on their APIs. While basic knowledge of software and security is required to understand the attack vectors and defensive techniques explained in the book, a thorough understanding of API security is all you need to get started.

What you will learn

  • Explore the core elements of APIs and their collaborative role in API development
  • Understand the OWASP API Security Top 10, dissecting the root causes of API vulnerabilities
  • Obtain insights into high-profile API security breaches with practical examples and in-depth analysis
  • Use API attacking techniques adversaries use to attack APIs to enhance your defensive strategies
  • Employ shield-right security approaches such as API gateways and firewalls
  • Defend against common API vulnerabilities across several frameworks and languages, such as .NET, Python, and Java
Estimated delivery fee Deliver to Switzerland

Standard delivery 10 - 13 business days

€11.95

Premium delivery 3 - 6 business days

€16.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Feb 09, 2024
Length: 384 pages
Edition : 1st
Language : English
ISBN-13 : 9781804617120
Category :
Languages :
Concepts :
Tools :

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
Estimated delivery fee Deliver to Switzerland

Standard delivery 10 - 13 business days

€11.95

Premium delivery 3 - 6 business days

€16.95
(Includes tracking information)

Product Details

Publication date : Feb 09, 2024
Length: 384 pages
Edition : 1st
Language : English
ISBN-13 : 9781804617120
Category :
Languages :
Concepts :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 88.97 97.97 9.00 saved
Attacking and Exploiting Modern Web Applications
€29.99
Defending APIs
€33.99
Cloud Forensics Demystified
€24.99 €33.99
Total 88.97 97.97 9.00 saved Stars icon

Table of Contents

18 Chapters
Part 1: Foundations of API Security Chevron down icon Chevron up icon
Chapter 1: What Is API Security? Chevron down icon Chevron up icon
Chapter 2: Understanding APIs Chevron down icon Chevron up icon
Chapter 3: Understanding Common API Vulnerabilities Chevron down icon Chevron up icon
Chapter 4: Investigating Recent Breaches Chevron down icon Chevron up icon
Part 2: Attacking APIs Chevron down icon Chevron up icon
Chapter 5: Foundations of Attacking APIs Chevron down icon Chevron up icon
Chapter 6: Discovering APIs Chevron down icon Chevron up icon
Chapter 7: Attacking APIs Chevron down icon Chevron up icon
Part 3: Defending APIs Chevron down icon Chevron up icon
Chapter 8: Shift-Left for API Security Chevron down icon Chevron up icon
Chapter 9: Defending against Common Vulnerabilities Chevron down icon Chevron up icon
Chapter 10: Securing Your Frameworks and Languages Chevron down icon Chevron up icon
Chapter 11: Shield Right for APIs with Runtime Protection Chevron down icon Chevron up icon
Chapter 12: Securing Microservices Chevron down icon Chevron up icon
Chapter 13: Implementing an API Security Strategy Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.3
(10 Ratings)
5 star 60%
4 star 30%
3 star 0%
2 star 0%
1 star 10%
Filter icon Filter
Top Reviews

Filter reviews by




Yondela Myataza Jul 29, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Feefo Verified review Feefo
SuJo Jun 23, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I enjoyed how easy it was to read the material and though tools were used or mentioned; The book assumes you have some knowledge in the field. The OWASP Top 10 is a crucial component and is very important to understand. The author did a good job with the subject and a deeper dive that’s more advanced user focused in a second edition would be welcomed!Overall I enjoyed the book which I ordered from Packt directly as I had a coupon to use. If you’re new to defending or attacking APIs I recommend you give this book a go!
Amazon Verified review Amazon
Amazon Customer Jun 04, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Defending APIs by Colin Domoney is a great read for anyone interested in the intricacies of API security. The book is structured really well, starting with an accessible introduction to APIs and gradually delving into more complex topics while still being easy to follow along.Colin has done a great job in presenting the intro topics in a manner that is easy to understand while still being engaging making it ideal for readers who are new to API security. As the book progresses into more technical territory, it continues to maintain its accessibility and readability which makes it a solid resource for both beginners and professionals.As someone who regularly performs security testing, including regular pentests against APIs, I found this book to be beneficial. It provided a deeper understanding of how API vulnerabilities occur, which has helped to improve my ability to assist customers in securing their APIs against the vulnerabilities I uncover during testing.I recommend Defending APIs to anyone looking to enhance their knowledge of API security, whether from an offensive or defensive perspective. This book is a valuable asset for security professionals aiming to help customers secure their APIs or for anyone interested in improving their own API security practices.
Amazon Verified review Amazon
armb Apr 12, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I'd like to thank Marylou De Mello of Packt for sending me a review PDF copy of "Defending APIs"I wish I'd had this book six years ago when I was responsible for infrastructure security for a microservice based product, but the subject is probably even more important now.I'm amused that Amazon's description says "a thorough understanding of API security is all you need to get started". I suspect that's an AI summary mistake. You can expect to gain a thorough understanding of API security, but "a basic knowledge of software and security" is all you need going in - it starts with an introduction to what API security is and why it is important, introduces API building blocks like authentication and authorisation with basic definitions, and goes on to address, in the words of the preface, "the full spectrum of API security".If you do already have a thorough understanding of API security, it still provides a valuable comprehensive systematic overview of the subject.The detailed table of contents is available on Packt's and O'Reilly's sites for the book so I won't repeat the entire breadth of the content, but it includes "shift-left" pushing security design to early in your development life-cycle, and "shield-right" recognising that run-time defence in depth is still needed after that. Both principles and practical use of tooling are covered, including a section on attacking APIs with tools that are useful both for a defender trying to think like an an attacker and for exploring or reverse engineering existing APIs that didn't follow the "design-first" approach.Every chapter also has a "Further reading" list of links to online material (the lists themselves are also available online, and I expect them to be updated over time).I do have a few minor quibbles. I think the principles of Zero Trust could have been a higher level more general section, because they apply to more than just microservices. I would have liked to have seen the dangers of JWT key confusion (or accepting alg:none) mentioned when JWT is first introduced, if only to reference the existing later coverage, and discussion of scope checking and use of the aud claim. The use of minimalist operating system base container images could have mentioned distroless and the tradeoffs involved.And a very minor point, one exception to introducing building blocks is perhaps the title of the book itself. The book is almost entirely about HTTP REST APIs, with some short sections on GraphQL and very brief sections on gRPC, SOAP, and WebSockets, and that isn't spelt out explicitly until page 36. However, it's exactly what I expected going into the book, and consistent with OWASP API Security Project usage, and APIs which aren't remote/web APIs but do encapsulate a security boundary are a very niche subject.
Amazon Verified review Amazon
Danishka Navin Mar 13, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book is a comprehensive guide to mastering API security, delving into everything from the fundamentals to advanced defense techniques. It skillfully explores API vulnerabilities and attacks, providing practical insights on securing your APIs. Every page is a valuable investment, ensuring you gain in-depth knowledge while enjoying a captivating read. A must-have for anyone serious about building robust and secure application programming interfaces!
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela