Use Vordel API Server to implement enterprise strength security for REST APIs
Secure REST APIs with enterprise-strength protection and integrations

REST (Representational State Transfer) style or RESTful APIs have gained great popularity among developers and architects. REST, JSON and OAuth are becoming the de facto Web Oriented Architecture (WOA) building blocks. REST is easy to implement and lightweight, which makes it especially suitable for mobile applications. REST is a pattern rather than a standard, so securing REST APIs is not as straightforward as securing SOAP APIs with the WS-Security standard. Vordel API Server makes it simple to implement enterprise-strength security for REST APIs.

API Interface Security Using Vordel API Server

Network firewalls do not block message-level threats. Web application firewalls only protect web applications. Vordel API Server detects and prevents message-level threats for REST API traffic, scanning HTTP headers and HTTP query string parameters, as well as HTTP POST data. Vordel API Server also lets enterprises restrict the use of REST API methods: GET, PUT, DELETE, POST, etc. The API Server also scans payloads and attachments for harmful content and performs JSON schema validation. See the API Protection page for a full list of the protections Vordel API Server provides out-of-the-box.

Access Control & Identity Integration with Vordel API Server

Most REST APIs are accessible only to authorized clients. Vordel API Server authenticates and authorizes REST API requests. Vordel API Server is integrated out-of-the-box with all leading identity management platforms such as CA, IBM, Oracle, and more. Vordel API Server extends these identity management platforms with capabilities such as identity federation, Cloud single sign-on, OAuth support, and client- and application-based authentication schemes. Finally, Vordel API Server provides secured administration and storage for all forms of API security artefacts such as tokens, keys, and certificates.

Identity Federation Using OAuth and SAML

Consumer users often prefer to use their existing credentials from Google, Facebook, or other third-party identity providers to log in to an application. This is usually implemented using the OAuth standard, and more specifically the three-legged OAuth pattern. Vordel API Server provides comprehensive OAuth support to help API developers incorporate OAuth client, resource server, and authorization server capabilities into REST APIs. SAML (Security Assertion Markup Language) is more popular in enterprise federation scenarios. Vordel API Server supports OAuth, SAML, XACML, X.509, Kerberos, OpenID and other popular authentication and authorization standards.