The API is secured by accepting connections only over the HTTPS protocol. This ensures that all data is encrypted in both directions.
We strongly recommend that you use the provided SSL certificate fingerprint to manually verify that you are connected to the right API server. This check counteracts a potential man-in-the-middle attack.
The SSL certificate fingerprint can be found on your personal Partner page.
Our PHP client library provides an example of fingerprint verification in PHP.
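For clients that do not use the PHP library, the same check can be sketched in Python. This is an added example, not code from the PHP client library. It assumes the Partner page shows a SHA-256 fingerprint in hex; the host `api.example.com`, the placeholder fingerprint and all function names are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl

# Assumption: the Partner page shows a SHA-256 fingerprint as hex, with or
# without colon separators. Placeholder value; replace with your own.
EXPECTED_FINGERPRINT = "REPLACE-WITH-FINGERPRINT-FROM-PARTNER-PAGE"


def normalize(fingerprint: str) -> str:
    """Lower-case hex without colons or whitespace."""
    return "".join(fingerprint.split()).replace(":", "").lower()


def fingerprint_matches(der_cert: bytes, expected: str, algo: str = "sha256") -> bool:
    """Compare the digest of a DER certificate with the expected fingerprint."""
    actual = hashlib.new(algo, der_cert).hexdigest()
    return hmac.compare_digest(actual, normalize(expected))


def open_verified(host: str, expected: str, port: int = 443) -> ssl.SSLSocket:
    """Connect with normal CA and hostname checks, then enforce the pin.

    Nothing is sent to the server until the fingerprint has matched.
    """
    context = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=10)
    try:
        tls = context.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    if not fingerprint_matches(tls.getpeercert(binary_form=True), expected):
        tls.close()
        raise ssl.SSLError("API certificate fingerprint mismatch")
    return tls


if __name__ == "__main__":
    # api.example.com is a placeholder host, not the real API endpoint.
    with open_verified("api.example.com", EXPECTED_FINGERPRINT) as conn:
        print("pinned connection established:", conn.version())
```

A reissued certificate has a different fingerprint, so keep the expected value in configuration and update it only from the Partner page.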