(February 06 20:30) Forbes.com
In summary, an API security program should use both vulnerability scanning and penetration testing to deliver comprehensive security for the API. Both have different approaches and scopes, but combining both is required to deliver a robust security posture.
You can find the original article
here