banner

API Security

Enterprises are reshaping their business models to address the new digital economy by making data and applications available as APIs for consumption in mobile applications, cloud applications and Internet of Things (IoT). While APIs connect enterprises with mobile apps and a large community of developers, these APIs also need to be scalable, reliable, and most importantly secure. As these businesses start monetizing their resources through digital channels they need to become more vigilant about security and complaince and prevent their APIs against threats and hacks.

The SOA Software API Security solution streamlines management, deployment, development and operation of APIs, enhancing security and regulatory compliance through authentication, authorization and audit capabilities. The SOA Software API Gateway, deployed at the edge of the network to provide perimeter security and defence, protects the enterprise by handling authentication and authorization, encrypting data, preventing threats and attacks and rate limiting traffic. The API Gateway can be deployed in the cloud or on-premises.

API Gateway
channels

Authentication and Authorization

  • Choose from a wide array of authentication schemes, standards and token types to ensure that only valid users and applications get access
  • Integrate with leading identity and access management providers or use the built-in access control system
  • Use existing enterprise security systems to create an OAuth authorization server.
build

Message Security

  • Ensure the privacy of data in flight and at rest (a key requirement for PCI Compliance)
  • Support SSL & TLS as well as message-based encryption and decryption using the XML-Encryption standards
  • Sign and verify messages and headers to provide non-repudiation
  • Simplify key and certificate generation, distribution and management with built-in PKI services
Monetize

Threat Protection

  • Prevent Denial of Service (DoS) attacks, malformed messages or excessive XML/JSON depth and breadth.
  • Detect and prevent SQL, JavaScript or XPath/XQuery injection attacks
  • Provide a content firewall, protecting against malicious content including protection against viruses in attachments and validation of message content – XML and JSON data structure, form and query parameters.
build

Orchestration, Mediation and Transformation

  • Bi-directional protocol transformation - Convert existing SOAP or Plain-old-XML (POX) over MQ or JMS services into RESTful APIs with XML and/or JSON content
  • API & Message Routing - Route based on message content, headers, identity and other factors
  • Orchestration - Remove operations, aggregate multiple backend APIs or services, perform mediation, or composition - without writing code.
  • Scripting - Author reusable scripts using a variety of languages (e.g. node.js, JavaScript, Groovy, Jython, BeanShell) and embed them within processes
Monetize

Analytics and Monitoring

  • Real-time system monitoring – Use the Web-based dashboards to get real-time visibility into service and API performance, dependencies, and alert status
  • Alert Management – Powerful alert management, monitoring, and distribution. Leverage alerts within compositions to control message routing, enforce SLAs or perform other runtime activities
  • Analytics – Dashboards and out-of-the-box reports provide visibility into the performance of APIs and services from different perspectives, including department, partner, application contract, API/service or operation

Learn More

build

Unified API and SOA

  • Define and Manage API’s- Create APIs with multiple interfaces using different standards including REST/XML, REST/JSON and SOAP with no extra development effort
  • Comprehensive Integration with SOA Software’s Lifecycle Manager - Control the service production and consumption process from requirements definition to development
  • Contract Management - Manage relationships between service consumers and providers
Monetize

Deploy in the cloud, or on-premises

  • On-Premise or in the Cloud – You can choose how and where you deploy to best meet the need of your business
  • Virtual Appliance – Deploy as a pre-packaged hardened virtual appliance on any infrastructure of your choice

Learn More

White Paper

{title}

Datasheet

{title}

Webinar

{title}