Here are some other security features of Apigee's API management platform:
• Data masking - Apigee can mask or encrypt sensitive data fields in API responses. This helps prevent leakage of private information.
• Access control lists (ACLs) - Apigee allows maintaining lists of authorized IP addresses or domains that are allowed to access APIs. Any requests from unauthorized sources can be blocked.
• API keys - Apigee supports the use of API keys to authenticate and authorize API clients. Compromised API keys can be revoked.
• OAuth - Apigee supports OAuth 1.0a and OAuth 2.0 for secure authentication of API clients. OAuth access tokens can also be revoked if compromised.
• Logging and auditing - Apigee logs all API traffic which can be used for security auditing and forensic analysis in the event of a security incident.
• Signatures - Apigee can validate the signatures of incoming API requests to confirm they have not been modified in transit.
• Traffic routing - Apigee can route API requests to different backends based on security policies. For example, high risk clients can be routed to a separate sandbox environment.
• Transport Layer Security (TLS) - Apigee can terminate TLS connections to decrypt and inspect requests before routing them to backends. It also supports end-to-end TLS.
• Plugin architecture - Apigee's plugin architecture allows integrating with third party security solutions like WAFs, fraud detection, malware scanning, etc.
• Real-time monitoring - Apigee monitors API traffic in real time, allowing it to quickly detect and respond to potential security threats or attacks.
Those cover some of the major security capabilities within Apigee's API management platform. The combination of policies, traffic routing, authentication/authorization, monitoring, and plugin extensibility give Apigee strong security features for protecting APIs and data.
Hope this helps! Let me know if you have any other questions.
No comments:
Post a Comment