Ensure legacy APIs are secure and compliant
In many cases, APIs from legacy applications do not have the access control needed to meet security policy and compliance requirements. This weakness can result in excessive exposure of sensitive data such as personally identifiable information (PII) or protected health information (PHI).
Axway API Gateway enables role-based, fine-grained authorization for legacy APIs, in order to prevent exposure of sensitive data and ensure compliance with HIPAA, PCI DSS and other regulatory mandates.
Out-of-the-box policy enforcement points (PEP) integrations
Most leading fine-grained authorization/entitlement management products deliver the ability to define and administer policies, but few offer run-time policy enforcement point (PEP) options to make those policies actionable. Unlike implementations that rely on custom-coded PEPs inside applications, Axway API Gateway offers out-of-the-box PEP integration with leading policy engines, enabling you to enforce authorization policies for accessing APIs and to redact data returned by APIs.
Grant API access and control based on roles, attributes and context
API access control policies are often not simple, static rules; they can be quite complex. That is because authorization decisions frequently depend on attributes and context that change over time, such as a user's role, the type of application, the security domain of the API client and even the time of day.
Axway API Gateway extracts and retrieves the attributes that the policy server requires to make an authorization decision. These attributes can be about the client, the application, the user or the network, and can be extracted from the request or its payload, or looked up in another system (such as LDAP). After providing the policy engine with the required input to make an authorization decision, Axway API Gateway enforces the decision by granting or blocking access to the whole or parts of the API.
Redact API data to meet security and compliance directives
Legacy applications and their APIs often cannot control the amount of data returned by the APIs. With no ability to adjust output based on input parameters such as roles and attributes, the same data set is always returned, which means data can be exposed beyond what is allowed by security and compliance policies.
Axway API Gateway redacts API responses in real time based on authorization policy, and can remove, reduce, mask or encrypt any data element in the API response, based on established policy.
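To make the attribute-based decision and field-level redaction described above concrete, here is an added, self-contained illustration (not Axway's code or policy language): a mock decision function takes the request attributes named on this page (role, client security domain, time of day), and the enforcement step applies the "remove", "mask" and "reduce" actions to a constructed legacy PHI response; "encrypt" is left out for brevity.

```python
from typing import Dict, Optional

# Constructed sample: what a legacy healthcare API returns to every caller,
# regardless of who is asking (the page's "same data set is always returned").
LEGACY_RESPONSE = {
    "patient_id": "P-1001",
    "name": "Jane Example",
    "ssn": "123-45-6789",
    "diagnosis": "Type 2 diabetes",
    "visits": [{"date": "2023-01-04"}, {"date": "2023-03-12"}, {"date": "2023-06-30"}],
}

def decide(attrs: Dict[str, object]) -> Optional[Dict[str, str]]:
    """Hypothetical policy decision point: attributes in, decision out.
    Returns None to deny the whole API, otherwise a map of
    field name -> redaction action to apply to the response."""
    if attrs.get("client_domain") != "internal":   # attribute about the client
        return None
    role, hour = attrs.get("role"), attrs.get("hour")   # user attribute + context
    if role == "clinician":
        return {"ssn": "mask"}                      # full record, SSN masked
    if role == "billing" and isinstance(hour, int) and 8 <= hour < 18:
        return {"ssn": "mask", "diagnosis": "remove", "visits": "reduce"}
    return None                                     # default deny

def redact(payload: Dict[str, object], actions: Dict[str, str]) -> Dict[str, object]:
    """Apply per-field actions; unknown actions fail closed."""
    out = dict(payload)
    for field, action in actions.items():
        if field not in out:
            continue
        if action == "remove":
            del out[field]
        elif action == "mask":                      # keep only the last 4 chars
            value = str(out[field])
            out[field] = "*" * (len(value) - 4) + value[-4:]
        elif action == "reduce":                    # collapse a list to a count
            out[field] = {"count": len(out[field])}
        else:
            raise ValueError(f"unknown redaction action: {action}")
    return out

def enforce(attrs: Dict[str, object], payload: Dict[str, object]) -> Dict[str, object]:
    """Enforcement point: block the API or return the redacted response."""
    actions = decide(attrs)
    if actions is None:
        return {"status": 403, "body": None}
    return {"status": 200, "body": redact(payload, actions)}
```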