
How Should You Secure Your API Strategy?

Written by Caitlin Soard | Sep 15, 2017 7:44:44 PM

When using internal and third-party developers for back-end infrastructure within a business, security is still somehow an often overlooked—but vital—measure. This is especially true when moving beyond basic API infrastructure, because routing traffic through subpar API gateways exposes you to more security risks. You may not even know your APIs are unsafe until it’s too late! How do you prevent a security breach in your company’s APIs? Check out our blog, where we consult industry leaders to learn how to secure your company’s API strategy.

Build Secure, Robust API Gateways

APIs expose your back-end services and apps to outside callers. An API gateway sits in front of them, absorbing the shock of large front-end traffic so that back-end systems keep running and your business stays up. If this gateway gets compromised, your data is exposed to attackers, your back-end systems can be overloaded, and unplanned outages follow, costing your company time, money, and security. To ensure that your APIs won’t be overloaded or abused, it is important to build secure, robust gateways from the get-go so that your company’s network stays safe.

Want to learn more? Schedule a free consultation with one of our Mulesoft Experts by clicking here.

Use Anypoint Platform to Secure API Gateways

Authentication

Platforms such as Mulesoft’s Anypoint Platform provide a simple, easy way to protect your APIs. The Security Manager helps you set up authentication: it is the bridge between standard Mule configuration and Spring Security beans. Mulesoft expert Nial Darby gives a great example configuration of Security Manager in his blog. By using Basic Authentication, or by going a little more in depth and using OAuth 2.0, users can easily set up secure APIs through Mulesoft.

Username and Password Credentials

Username and password credentials are the simplest form of authentication. The caveat with usernames and passwords is that they place the burden of remembering a password on the user. While still viable in certain situations, there are others where you may not want to manage passwords for users at all. Alternatives to username/password credentials include:

Multi-Factor Authentication

Multi-factor authentication recognizes the weaknesses of username/password credentials. An app that uses multi-factor authentication demands a one-time usage token, which the user receives only after authenticating with their credentials. This token can be delivered via SMS text or via a digital key. An example of this is an RSA SecurID.

Token-Based Credentials

Token-based credentials provide higher entropy and a more secure form of authentication. According to Mulesoft’s whitepaper on the subject, “The idea is for the Identity Provider to issue tokens based on an initial authentication request with username/password credentials. From then on, the app only has to send the token, so the net result is a great reduction in username/password credentials going to and fro over the network. Also, tokens can be set to expire or be revoked as needed.”
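To make the flow in the whitepaper quote concrete, here is an added example (not code from Mulesoft or Anypoint Platform) of a minimal identity provider in Python: the password is checked once at login, an opaque high-entropy token is issued in its place, and later requests are validated against the token alone, with expiry and revocation enforced. The class name, the 15-minute default lifetime, and the `now` parameter (injected so the clock can be controlled) are assumptions for illustration.

```python
import hashlib
import hmac
import os
import secrets
import time


class IdentityProvider:
    """Issues opaque bearer tokens after one username/password check;
    afterwards only the token travels over the network."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self._users = {}    # username -> (salt, PBKDF2 hash of password)
        self._tokens = {}   # token -> (username, expiry as epoch seconds)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash(password, salt))

    def login(self, username, password, now=None):
        """Initial authentication with credentials; returns a token or None."""
        now = time.time() if now is None else now
        record = self._users.get(username)
        if record is None:
            return None
        salt, stored = record
        # Constant-time comparison so a wrong password leaks no timing signal.
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        token = secrets.token_urlsafe(32)   # 256 bits of entropy, unguessable
        self._tokens[token] = (username, now + self.ttl)
        return token

    def validate(self, token, now=None):
        """Resource-side check: username if the token is live, else None."""
        now = time.time() if now is None else now
        entry = self._tokens.get(token)
        if entry is None:               # unknown or already revoked
            return None
        username, expires_at = entry
        if now >= expires_at:           # expired: drop it and reject
            del self._tokens[token]
            return None
        return username

    def revoke(self, token):
        """Revocation on demand, e.g. on logout or suspected theft."""
        self._tokens.pop(token, None)
```

The app exchanges credentials for a token exactly once; every subsequent call carries only the token, which the provider can expire or revoke without the user changing their password.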

The Solution

API security breaches can cost up to $400 million—or sometimes even more. Every business needs APIs, but keeping them safe is just as important. Mulesoft’s Shana Pearlman explains that by protecting your APIs with Mulesoft’s Anypoint Platform, you reduce the risk of costly, time-consuming security breaches.

To find out more about Mulesoft’s Anypoint Platform, you can schedule a no-strings attached chat with one of our Mulesoft Experts below: