Customer said: “We consume an external API with a per-use charge, and many of our internal applications use it. Since the API serves sensitive personal information, we don’t want to give username/password to all developers, and we want to be able to see who accesses which information.”
Problem: There was a few problems with this case. First, each and every client application within the company used to copy the access information of the external API within their code. This was a serious problem in terms of security and management. Second, company was unable to detect any malicious usages of the information provided by the API.
What Apinizer Team did: Our team created a proxy on Apinizer API Gateway to be client to the external API, and configured an Authentication Provider for the users within the company to be clients of this proxy.
One of the internal applications selected to be pilot, and its code was updated to access to the proxy instead of the external API. The proxy itself was secured by an Authentication Provider configured on Apinizer, and an identical specific identity was created for the pilot application to be used on this proxy.
Additionally, a Redaction policy was applied for this identity on the response of the API, so that some irrelevant parts of the information in the response message returned by the API could be filtered before being returned to the application.
Finally, a Report was created on Apinizer Report Designer to filter all access logs to the external API in order to see who accessed which information, and when. The priviledge to see the report was given to an authorized user in the company.
Result: After centrally handling the security and privacy of all the traffic to and from the external API easily without coding, the company became an Apinizer customer.
Input your search keywords and press Enter.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.