Methods and systems for API deception environment and API traffic control and security

US10587580B2 · US · B2

Patent metadata
Field               Value
Publication number  US-10587580-B2
Application number  US-201715792850-A
Country             US
Kind code           B2
Filing date         Oct 25, 2017
Priority date       Oct 26, 2016
Publication date    Mar 10, 2020
Grant date          Mar 10, 2020

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

The present invention relates to the field of networking and API/application security. In particular, the invention is directed towards methods, systems and computer program products for Application Programming Interface (API) based flow control and API based security at the application layer of the networking protocol stack. The invention additionally provides an API deception environment to protect a server backend from threats, attacks and unauthorized access.

First claim

Opening claim text (preview).

We claim:

1. A proxy configured for routing client messages to one or more target Application Programming Interfaces (APIs), the proxy comprising: a hardware processor configured to identify or record at least one of: parameter data corresponding to one or more client side parameters, wherein: the parameter data corresponding to the one or more client side parameters is identified based on analysis of API layer data extracted from data messages received at the proxy; and each of the one or more client side parameters comprises a parameter descriptive of client side behavior detected at the proxy; and, parameter data corresponding to one or more server side parameters, wherein: the parameter data corresponding to the one or more server side parameters is identified based on analysis of API layer data extracted from data messages received at the proxy; and each of the one or more server side parameters comprises a parameter descriptive of (i) requests for server side data received from one or more clients or (ii) server side responses to data messages received from one or more clients; and a proxy router configured to: receive a client message; and discard the received client message without onward transmission to an API server identified in the received client message, in response to a determination that: (i) initiating a process for forwarding the received client message to the API server would result in parameter data corresponding to a client side parameter or a server side parameter to exceed a first predefined threshold; or (ii) receiving a response to the received client message from the API server would result in parameter data corresponding to a server side parameter to exceed a second predefined threshold.

2. The proxy as claimed in claim 1, wherein the hardware processor is configured to identify or record both of: parameter data corresponding to one or more client side parameters; and parameter data corresponding to one or more server side parameters.

3. The proxy as claimed in claim 1, wherein the one or more client side parameters includes one or more of client spike, bytes-in-spike, TCP connection spike, message spike and wild card topic substitution.

4. The proxy as claimed in claim 1, wherein the one or more server side parameters includes one or more of server spike, server connection, server connection queuing, bytes-out spike, and topic publisher and subscriber quota.

5. The proxy as claimed in claim 1, wherein the hardware processor is configured to maintain discrete sets of data records corresponding to client side parameters or server side parameters, for each API server within a server backend.

6. The proxy as claimed in claim 1, wherein a determination at the proxy router whether to discard the received client message without onward transmission to the API server identified in the received client message, is based on one or more of device ID, IP address and OAuth 2 token corresponding to a client.

7. The proxy as claimed in claim 1, wherein the proxy router is configured to: transmit the received client message to the API server identified in the received client message, in response to a determination that: (i) initiating the process for forwarding the received client message to the API server does not result in parameter data corresponding to the client side parameter or the server side parameter exceeding the first predefined threshold; or (ii) receiving the response to the received client message from the API server does not result in parameter data corresponding to the server side parameter exceeding the second predefined threshold.

8. The proxy as claimed in claim 1, wherein a determination at the proxy router whether to discard the received client message without onward transmission to the API server identified in the received client message is based on an identifier.

9. A system for securing one or more API servers, the system comprising: a plurality of networked proxy nodes, each proxy node from the plurality of networked proxy nodes is configured for routing client messages to one or more target Application Programming Interfaces (APIs), and each proxy node from the plurality of networked proxy nodes comprises: a hardware processor configured to identify or record at least one of: parameter data corresponding to one or more client side parameters, wherein: the parameter data corresponding to the one or more client side parameters is identified based on analysis of API layer data extracted from data messages received at that proxy node; and each of the one or more client side parameters comprises a parameter descriptive of client side behavior detected at that proxy node; and, parameter data corresponding to one or more server side parameters, wherein: the parameter data corresponding to the one or more server side parameters is identified based on analysis of API layer data extracted from data messages received at that proxy node; and each of the one or more server side parameters comprises a parameter descriptive of (i) requests for server side data received from one or more clients or (ii) server side responses to data messages received from one or more clients; and a proxy router configured to: receive a client message; and discard the received client message without onward transmission to an API server identified in the received client message, in response to a determination that: (i) initiating a process for forwarding the received client message to the API server would result in parameter data corresponding to a client side parameter or a server side parameter to exceed a first predefined threshold; or (ii) receiving a response to the received client message from the API server would result in parameter data corresponding to a server side parameter to exceed a second predefined threshold; wherein each proxy node from the plurality of proxy nodes is configured to synchronize one or more data states of that proxy node with corresponding one or more data states of at least one other proxy node from the plurality of proxy nodes, and wherein the data states under synchronization comprise client side parameter data states or server side parameter data states.

10. The system as claimed in claim 9, wherein the data states under synchronization comprise server side parameter data states and exclude client side parameter data states.

11. A system configured for routing client messages to one or more target Application Programming Interfaces (APIs) implemented on a secured server backend, the system comprising: a proxy comprising: a hardware processor configured to detect indicators of compromise based on API layer data extracted from client messages received at the proxy, wherein the indicators of compromise are detected responsive to any one of: determining that a target API name extracted from a client message matches a decoy API name that is determinable by scanning of API data on the proxy; or determining that the target API name extracted from the client message does not match any API to which the proxy is configured to route client messages; a proxy router configured to respond to detection of an indicator of compromise by routing the client message corresponding to the detected indicator of compromise to a decoy API having an API name that matches the target API name extracted from the client message corresponding to the detected indicator of compromise, wherein said decoy API is communicably isolated from the secured server backend; and one or more processor implemented decoy APIs configured to respond to client messages received from the proxy router by: initiating network communication wi
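As an added illustration, not code from the patent or from Ping Identity, the following Python models the threshold gating of claims 1 and 7 and the decoy routing of claim 11 in one proxy router. The parameter names (message spike, server connection) come from claims 3 and 4; the limits, API names and client ids are constructed for the example.

```python
from collections import defaultdict

class ApiProxy:
    """Toy proxy router: per-API parameter records gate forwarding (claims 1, 5, 7);
    unknown or decoy API names are routed to an isolated decoy (claim 11)."""

    def __init__(self, routable_apis, decoy_apis, client_limits, server_limits):
        self.routable_apis = set(routable_apis)  # APIs the proxy may forward to the backend
        self.decoy_apis = set(decoy_apis)        # decoy names, never reach the backend
        self.client_limits = client_limits       # first threshold, e.g. {"message_spike": 2}
        self.server_limits = server_limits       # second threshold, e.g. {"server_connection": 1}
        # discrete records per API server (claim 5); client records also keyed by client id (claim 6)
        self.client_params = defaultdict(lambda: defaultdict(int))  # key: (api, client_id)
        self.server_params = defaultdict(lambda: defaultdict(int))  # key: api

    def route(self, client_id, target_api):
        # claim 11: decoy name or name the proxy is not configured to route -> indicator of compromise
        if target_api in self.decoy_apis or target_api not in self.routable_apis:
            return "decoy"
        cp = self.client_params[(target_api, client_id)]
        sp = self.server_params[target_api]
        # claim 1(i): forwarding would push a client side parameter over the first threshold
        if cp["message_spike"] + 1 > self.client_limits["message_spike"]:
            return "discard"
        # claim 1(ii): the server response would push a server side parameter over the second threshold
        if sp["server_connection"] + 1 > self.server_limits["server_connection"]:
            return "discard"
        # claim 7: neither threshold exceeded, record the traffic and forward
        cp["message_spike"] += 1
        sp["server_connection"] += 1
        return "forward"

    def on_response(self, target_api):
        # backend answered: the connection slot counted against the server is released
        self.server_params[target_api]["server_connection"] -= 1

def demo():
    # constructed scenario: one real API, one decoy name, tight limits to show each decision
    p = ApiProxy(["orders"], ["decoy-admin"], {"message_spike": 2}, {"server_connection": 1})
    out = [p.route("c1", "orders"),        # forward: first message, one connection in flight
           p.route("c1", "orders")]        # discard: second connection would exceed limit 1
    p.on_response("orders")
    out.append(p.route("c1", "orders"))    # forward: c1 now at message_spike 2
    p.on_response("orders")
    out.append(p.route("c1", "orders"))    # discard: c1 would exceed message_spike 2
    out.append(p.route("c2", "orders"))    # forward: c2 has its own client record
    out.append(p.route("c2", "decoy-admin"))  # decoy: matches a decoy API name
    out.append(p.route("c2", "no-such-api"))  # decoy: not an API the proxy routes
    return out
```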

Assignees

Inventors

Classifications

  • Machine learning · CPC title

  • based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title

  • Detecting local intrusion or implementing counter-measures · CPC title

  • involving event detection and direct action · CPC title

  • Denial of Service · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10587580B2 cover?
The present invention relates to the field of networking and API/application security. In particular, the invention is directed towards methods, systems and computer program products for Application Programming Interface (API) based flow control and API based security at the application layer of the networking protocol stack. The invention additionally provides an API deception environment to p…
Who is the assignee on this patent?
Ping Identity Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/0281. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 10, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).