2021-12-07T09:00:00Z
EB
Director of Community at PeerSpot (formerly IT Central Station)

How do you protect your API from security threats?

Hi community,

Which techniques and tools do you use to protect your APIs?

5 Answers
VG
Chief Architect at Persistent Systems
Real User
Top 5 Leaderboard
2022-01-12T11:29:04Z
Jan 12, 2022

We have so far looked at leveraging OWASP ZAP to perform DAST on the APIs. As long as APIs use the OpenAPI framework, we are able to do this easily for different authentication methods and get reports for different thresholds. So far this has sufficed for our needs.


Commercial products might offer far greater checks, something we might look at in near future.

MM
Chief Technology Officer (CTO) at APIIDA AG
User
2021-12-13T09:09:34Z
Dec 13, 2021

Hi Evgeny, 

It depends on what type of API we are talking about. Kong was already mentioned, but there are multiple others as well. One of the best Open Source packages for API management available right now is Gravitee.io. We are both Gravitee and Kong partners, so feel free to reach out if you have any questions. 


Usually, you move authentication from your upstream APIs to an API gateway. 


Additionally, you can do schema validation, so that the requests that arrive at your backend have been checked for validity. For some extra security, you can sanitize inputs or scan for known injection vectors. 


You can read more about API security in our blog: The Ultimate Guide to API Security - APIIDA


Hope this helps!

AY
Solutions Architect at a financial services firm with 1,001-5,000 employees
Real User
Top 5 Leaderboard
2021-12-09T11:26:45Z
Dec 9, 2021

1. For authentication and authorization we can secure our API using plugins on KONG: OpenID Connect and application registration plugin. OpenID Connect can be integrated with the IdP provider MS Azure AD.


2. JWT plugin provided in KONG can also be used for authorization purposes.


All these are JWT-based mechanisms. 
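As an added example of the flow described in MM's and AY's answers (gateway-side authentication followed by schema validation before anything reaches the upstream API), here is a small stand-alone illustration; it is not code from the answers, from Kong or from Gravitee. The HS256 secret, the order schema and all names are constructed for the demo; a real gateway would verify tokens against the IdP's published keys and take the schema from the OpenAPI spec.

```python
import base64, hmac, hashlib, json, time

# Constructed demo values: a shared HS256 secret and the request schema the
# gateway enforces before forwarding (hypothetical names, not a real deployment).
GATEWAY_SECRET = b"constructed-demo-secret"
ORDER_SCHEMA = {"required": ["sku", "qty"], "types": {"sku": str, "qty": int}}

def _b64url(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_jwt(claims: dict, secret: bytes = GATEWAY_SECRET) -> str:
    """Issue an HS256 token; stands in for the IdP that the answers mention."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, head + b"." + body, hashlib.sha256).digest()
    return (head + b"." + body + b"." + _b64url(sig)).decode()

def verify_jwt(token: str, secret: bytes = GATEWAY_SECRET, now=None) -> dict:
    """Gateway check: pinned algorithm, constant-time signature compare, expiry."""
    head_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(head_b64))
    if header.get("alg") != "HS256":  # never let the token choose the algorithm
        raise PermissionError("unsupported alg")
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise PermissionError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    if claims.get("exp", 0) <= (now or time.time()):
        raise PermissionError("token expired")
    return claims

def validate_body(body: dict, schema: dict) -> list:
    """Schema validation: returns the list of problems (empty means valid)."""
    errors = [f"missing {k}" for k in schema["required"] if k not in body]
    errors += [f"bad type for {k}" for k, t in schema["types"].items()
               if k in body and not isinstance(body[k], t)]
    return errors

def gateway_handle(token: str, body: dict) -> tuple:
    """(status, detail): 401/400 are answered by the gateway, 200 means forwarded."""
    try:
        claims = verify_jwt(token)
    except (PermissionError, ValueError):  # malformed tokens also land here
        return 401, "rejected at gateway"
    errors = validate_body(body, ORDER_SCHEMA)
    if errors:
        return 400, "; ".join(errors)
    return 200, f"forwarded upstream for sub={claims['sub']}"
```

The upstream service only ever sees requests that carried a valid, unexpired token and a body that matched the schema, which is the point of moving both checks to the gateway.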

AY
Solutions Architect at a financial services firm with 1,001-5,000 employees
Real User
Top 5 Leaderboard
Dec 10, 2021

@Evgeny Belenky Yes, Kong is an API Gateway.
It has good integration capabilities with well-known IdPs.

FC
Engineering Supervisor- Corporate Data Solutions and Services at TZ Telecoms. Corporation
Real User
Top 5 Leaderboard
2021-12-22T09:40:25Z
Dec 22, 2021

The principle is to consider every aspect of the API's use and then evaluate any loopholes for security breaches. So one can consider the following:


Securing connection by always using the strongest latest update versions and conveniently available connection securing mechanisms like HTTPS


Adding an additional layer of security by hashing sensitive data like passwords and using strong hashing algorithms


Validating any input parameter by using strong validation checks and rejecting requests if validation fails. It is practical to send specific error messages as a response.


Considering the use of secure authentication and authorization frameworks instead of using basic authentication and always storing sensitive data in a secure framework.


It is also important not to expose information on URLs.

EB
Director of Community at PeerSpot (formerly IT Central Station)
Community Manager
2022-01-12T06:06:53Z
Jan 12, 2022

Hi @reviewer1572348


Possibly you can help in answering this question. Can you?


Thanks
