API Security Challenges and How to Address Them

Andrew Slivker

API Management platforms should help developers build, provide and consume APIs using both industry-standard and custom security models. Developers should be able to delegate to the platform some or all of the responsibility for handling security on behalf of the API Provider or API Consumer applications. These API Security Management capabilities tremendously reduce the time and effort spent developing, testing and operating APIs in secure environments.

In addition, API Security should be independently controlled by API Management Gateways on both the inbound and the outbound message flows, which creates the opportunity to pass security through and/or mediate (translate) it between API Consumers and backend APIs. Inbound or outbound message flows can implement and enforce many different authentication models with different user credentials and security token types. These can be industry-standard authentication schemes and security tokens, as well as custom security models. Well-written API platforms implement and enforce both authentication and authorization to ensure complete end-to-end security.

This session will also touch upon the importance of authorization and why it should be easy for anyone to define complex Access Rules that will be enforced at run-time. Authorization logic is extremely important for the security and integrity of data, even more so with the data privacy regulations being introduced globally.


Austin API Summit 2018


June 12, 2018 11:30