As we know by now, the OAuth 2.0 protocol was built for authorization, not authentication. It excels at delegated authorization. Log in with Google? Sure. The OAuth protected API endpoint never sees your Google username and password. It doesn’t need to know who you are. In fact, like a discreet bouncer at an exclusive club,…
Category: API Security
Secure your GraphQL Implementation with an API Gateway
Do APIs, not security in your GraphQL I can’t remember the last time I was excited about a new technology like I am with GraphQL. I don’t think there is anything I don’t like about it- at least not yet! I have not been leveraging it every day as my job so keep that in…
How-to: OAuth and SAML – A Love Story for Valentine’s Day
Naturally, OAuth 2.0 is the shining star of the OAuth Toolkit (OTK), the prima donna that performs center stage in Layer7’s API security implementation. But waiting in the wings with a bouquet of slightly wilted flowers is an older standard who once shone just as brightly before all those mobile apps came along. His name…
How To: OTK Solution Kit Installation
This is the second post in the blog series focusing on the OAuth Toolkit (OTK) kit. The first video was a more academic overview of the OAuth protocol and workflow. This time we take a look at how to install the OTK solution kit, and how the OTK integrates with the API Gateway to provide easy implementation of OAuth security…
How-To: OAuth Overview
Today we’re going to take a look at the Layer 7 API Management OAuth toolkit or OTK. For most customers, the OTK is not an optional Gateway add-on. It is an essential product used in the API management lifecycle for securing client authorization and authentication. The OTK implements security using a combination of the OAuth…
CISSP Domain Principles and API Management Solutions
Recently, I took my CISSP exam and passed this industry recognized certification. As part of my preparation, I was trying to apply practical use-cases to those CISSP domain principles. Recognizing how important API security is to our customers, I was trying to associate our Layer7 API Management solutions with CISSP security principles. This not only…
How to Use Policy to Retrieve a Portal API OAuth Token
An API Gateway can be a fast, easy way to manage entities in an API Portal. The Portal API (PAPI) provides entry-points to perform tasks such as onboard users, manage APIs that are protected by the gateway runtime, manage and update API versions and documentation, and administer API Management items such as application definitions, organizations,…
Denial of Service Attacks on The Rise!
Current industry reports for 2019 regarding Distributed Denial of Service (DDoS) attacks indicate a 776% increase for loads between 100 Gbps and 400 Gbps*. As the demand rises for companies to expose more API’s to the public, it becomes much more important to be able to quickly respond to cybercrime threats and changing tactics. We…
5 Pillars of API Management
API Academy Manage security and performance risks created by opening enterprise systems via APIs Traditional enterprise are blurring, as organizations open their on-premise data and application functionality for use in new internal and external applications. APIs form the foundation of this open enterprise, allowing enterprises to reuse their existing information assets across organizational boundaries. To…
A How-to Guide to OAuth & API Security
API Academy Make OAuth implementation simple for your organization OAuth is an emerging Web standard that lets users grant third-party clients restricted access to resources they own. In the past, it was common to ask a user to share username and password information with the client. OAuth authentication is more secure as it allows the…