API access control ensures that only trusted applications and services can securely interact with your organization’s systems and data through APIs.
Using API access controls maintains the safety of company resources against unauthorized access or misuse.
In Distributed API Authorization, permissions for accessing APIs are managed in a decentralized manner using rules.
Integrations
Integrate an authorizer with your gateway for rich, locally enforced, and centrally managed distributed authorization:
Apigee Edge
Apigee X
AWS API Gateway
Azure API Gateway
Istio Service Mesh
Kong API Gateway
Kusk API Gateway
Authentic Zero-Trust with Service Mesh
Fortify your zero-trust model by embedding API authorization into your Istio Service Mesh. Ensure secure API requests within your zero-trust network.
Streamlined API Discovery & Governance
Automatically unveil APIs across all connected gateways. Allocate authorization policies effortlessly and govern API authorization from token minting to endpoint policy enforcement.
Robust Protection for GraphQL APIs
Enhance GraphQL API protection. Designate policies directly through SecureAuth or take a declarative stance by including the policies within your GraphQL schema files.
Streamlined Token Exchange with Authorizers
SecureAuth authorizers facilitate the conversion of incoming third-party access tokens to internal access tokens:
Employ OAuth Token Exchange Grant Type: SecureAuth authorizers can interact with trusted IDPs (authorization servers) to exchange tokens, utilizing dedicated client credentials to engage with SecureAuth’s OAuth token endpoint.
Configurable Token Handling with Istio Authorizer: Istio Authorizer offers the flexibility to choose the token (original or exchanged) passed to the API/service, or even pass both tokens by configuring the header settings, ensuring tailored token management.
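The exchange described above, sketched as an added example (not SecureAuth or Istio Authorizer code): it builds an OAuth token exchange request as defined in RFC 8693, validates the response, and selects which token the API/service receives. The mode names, the X-Original-Token header and all sample values are assumptions made for illustration.

```python
import base64
from urllib.parse import quote_plus, urlencode

GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN = "urn:ietf:params:oauth:token-type:access_token"


def build_exchange_request(subject_token, client_id, client_secret, audience=None):
    """Return (headers, body) for an RFC 8693 token exchange POST."""
    form = {
        "grant_type": GRANT,
        "subject_token": subject_token,        # incoming third-party token
        "subject_token_type": ACCESS_TOKEN,
        "requested_token_type": ACCESS_TOKEN,  # ask for an internal access token
    }
    if audience:
        form["audience"] = audience
    # The authorizer authenticates with its own dedicated client credentials.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}".encode()
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return headers, urlencode(form)


def parse_exchange_response(resp):
    """Check the fields RFC 8693 requires, then return the internal token."""
    for field in ("access_token", "issued_token_type", "token_type"):
        if not resp.get(field):
            raise ValueError(f"token exchange response missing {field}")
    if resp["issued_token_type"] != ACCESS_TOKEN:
        raise ValueError("unexpected issued_token_type")
    if resp["token_type"].lower() != "bearer":
        raise ValueError("unexpected token_type")
    return resp["access_token"]


def upstream_headers(original, exchanged, mode, extra_header="X-Original-Token"):
    """Pick what is forwarded: 'original', 'exchanged' or 'both' (hypothetical modes)."""
    if mode == "original":
        return {"Authorization": f"Bearer {original}"}
    if mode == "exchanged":
        return {"Authorization": f"Bearer {exchanged}"}
    if mode == "both":
        # Internal token authorizes the call; the original rides in a side header.
        return {"Authorization": f"Bearer {exchanged}", extra_header: original}
    raise ValueError(f"unknown mode {mode!r}")
```

Rejecting a response whose issued_token_type or token_type is not the expected one keeps an unexpected token kind from being forwarded as a bearer credential.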
Policy-Based API Control simplifies the management of API access by establishing clear rules and enforcing them across the organization.
Transition authorization from application code to decisive authorization policies for enhanced security, easy modification, and thorough audit. Utilize localized policy decision and enforcement points for millisecond-level latency and automatic policy distribution.
Authorization Levels:
Application Level: Control who can access your application. Enforce MFA, ID-proofing, or permissions.
Token Minting Level: Control which users/machines can get the security tokens. Block token minting for anomalous requests.
Scope Level: Control access to specific scopes. Require MFA for high-value transactions.
API Request Level: Assign policies to APIs for locally enforced, centralized authorization.
Policy Declaration:
Enable dynamic access control decisions based on a myriad of attributes like user roles, current location, time of access, the resource being accessed, and much more.