Axway - REST Security Solutions for Securing RESTful API Web Services

REST-style APIs are quickly becoming a favorite among developers and architects because they are lightweight and easy to implement, particularly for mobile applications. However, because REST (Representational State Transfer) is a pattern rather than a standard, REST security can be tricky to implement in enterprises. Unlike SOAP APIs, which are supported by the WS-Security set of standards, REST APIs can have different, incompatible security approaches across groups.

Axway API Gateway authenticates and authorizes REST API requests regardless of the different approaches used for REST security, making it just as easy to implement enterprise-strength protection and integration for REST APIs as it is for SOAP and other APIs.

Enforce message-level security across REST API traffic

Unlike network and web application firewalls, Axway API Gateway detects and prevents message-level threats for REST API traffic by:

  • Scanning HTTP headers and query string parameters, as well as HTTP POST data.
  • Enabling selective restriction of HTTP verbs (GET, PUT, DELETE, POST, etc.) to detect and block inappropriate usage.
  • Scanning payloads and attachments for harmful content and viruses, and validating them against JSON/XML schemas.
  • Providing out-of-the-box integration with ClamAV, McAfee, and Sophos to detect and prevent common REST API security exploits.

Simplify access control and identity integration

To simplify authentication and authorization of REST API requests, Axway API Gateway provides out-of-the-box integration with CA, IBM, Oracle and other identity management platforms, and provides enhanced capabilities including identity federation, cloud single sign-on and fine-grained client- and application-based authentication.

In addition, Axway enables secure administration and storage of all forms of API security artifacts such as tokens, keys and certificates.

Use OAuth and SAML for identity federation

Consumer users often prefer to use their existing credentials from Google, Facebook, Twitter or other third-party identity providers to log in to an application. This is usually implemented using the OAuth 2.0 standard, and more specifically the three-legged OAuth pattern. Axway API Gateway provides comprehensive OAuth support to help API developers incorporate OAuth client, resource server, and authorization server capabilities into REST APIs.

Axway also supports SAML (Security Assertion Markup Language), which is more popular for enterprise federation scenarios, as well as XACML, X.509, Kerberos, OpenID and other popular authentication and authorization standards.
