APIs are a crucial part of modern software development and system integration, and they have also become a key target for attackers. API protection for power grid cloud applications has certain weak links. This article proposes a zero-trust-based API security protection framework for power grid cloud applications. The framework combines two types of API security gateways with a zero trust architecture and integrates the capabilities of cloud security support components, which addresses the missing protection mechanisms against internal threats and improves the security protection mechanism of cloud application APIs. The framework adopts multi-level security measures, and verification in multiple cloud application scenarios shows that it can meet their different API protection needs, providing a solution for cloud application API security.