Vordel API Server adds role-based fine-grained authorization to legacy APIs
Make Legacy APIs Secure And Compliant with Vordel API Server
APIs from legacy applications often lack the access control needed to meet security policy and compliance requirements. Without role-based or attribute-based access control on an API, sensitive data such as personally identifiable information (PII) or personal health records (PHR) can be exposed to callers who have no need for it. Fine-grained authorization / entitlement management technologies can add much-needed security and control to legacy applications and APIs. Vordel API Server enforces fine-grained authorization policies for legacy APIs and applications.
Enforce Fine-Grained Authorization Policies with Vordel API Server
Fine-grained authorization / entitlement management products such as Oracle Entitlements Server, Axiomatics Policy Server and Quest One Authorization Server offer great flexibility to define and administer fine-grained authorization policies. Whether the policy engine is based on XACML (eXtensible Access Control Markup Language) or on a proprietary scheme, it needs policy enforcement points (PEPs) at run time to make its decisions actionable. Unfortunately, these policy engines offer few PEP options, and most deployments rely on custom-coded PEPs inside the applications themselves. Vordel API Server offers out-of-the-box PEP integrations with these leading policy engines, enforcing their policies on API access and redacting the data returned by APIs.
Control Access To APIs Based On Roles, Attributes & Context
API access control policies are often more complex than simple static decisions. An authorization decision may depend on attributes and context that change over time: the user's role, the type of application, the security domain of the API client, or the time of day. Vordel API Server extracts and retrieves the attributes the policy server requires to make an authorization decision. These attributes can describe the client, the application, the user, or the network, and can be extracted from the request or its payload, or looked up in another system such as LDAP. After providing the policy engine with the input it needs to reach a decision, Vordel API Server enforces that decision by granting or blocking access to the whole API or to parts of it.
Redact API Data To Meet Security & Compliance Mandates with Vordel API Server
Legacy applications and their APIs often cannot control the amount of data an API returns. The same data set is returned on every call, because the application has no ability to adjust its output based on input parameters such as roles and attributes. This can expose more data than security and compliance policies allow. Vordel API Server redacts API responses in real time according to the authorization policy: it can remove, reduce, mask, or encrypt any data element in the API response, per policy. In this way Vordel API Server helps legacy APIs and applications meet PCI DSS and privacy requirements.
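To make the two ideas above concrete (attribute gathering plus a policy decision, then response redaction), here is a small added illustration of a PEP in front of a legacy API. It is not Vordel's code or policy format; the policy table, the directory lookup standing in for LDAP, the patient record and the field names are all constructed for the example.

```python
from copy import deepcopy
from datetime import datetime

# Constructed policy table (an assumption, not a real Vordel policy format):
# each role lists the client domain it may call from and how to redact fields.
POLICY = {
    "clinician": {"domain": "internal", "redact": {}},
    "billing": {"domain": "internal", "redact": {"diagnosis": "remove", "ssn": "mask"}},
    "partner": {"domain": "external", "redact": {"diagnosis": "remove", "ssn": "remove", "dob": "mask"}},
}
# Constructed directory lookup standing in for an LDAP query.
DIRECTORY = {"alice": {"role": "clinician"}, "bob": {"role": "billing"}, "carol": {"role": "partner"}}
# Constructed legacy API response: the backend always returns the full record.
RECORD = {"patient": "P-1001", "dob": "1980-04-02", "ssn": "123-45-6789", "diagnosis": "J45.20"}

def extract_attributes(request):
    """Gather decision attributes: user role (directory lookup), network domain, time of day."""
    user = request["headers"].get("X-User", "")
    return {
        "role": DIRECTORY.get(user, {}).get("role"),
        "domain": "internal" if request["client_ip"].startswith("10.") else "external",
        "hour": request["time"].hour,
    }

def decide(attrs):
    """Policy decision point: returns (permit, field -> redaction action)."""
    rule = POLICY.get(attrs["role"])
    if rule is None or rule["domain"] != attrs["domain"]:
        return False, {}
    if attrs["domain"] == "external" and not 8 <= attrs["hour"] < 18:
        return False, {}  # context rule: external clients only during business hours
    return True, rule["redact"]

def mask(value):
    """Keep the last four characters, mask the rest."""
    s = str(value)
    return "*" * (len(s) - 4) + s[-4:] if len(s) > 4 else "*" * len(s)

def enforce(request, response):
    """Policy enforcement point: block the call or return a redacted copy of the response."""
    permit, redactions = decide(extract_attributes(request))
    if not permit:
        return {"status": 403, "body": None}
    body = deepcopy(response)  # never mutate the backend's record in place
    for field, action in redactions.items():
        if field not in body:
            continue
        if action == "remove":
            del body[field]
        else:
            body[field] = mask(body[field])
    return {"status": 200, "body": body}
```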