API Security

Along with the ease of API integrations come the difficulties of ensuring proper API security. Sentinet API Management provides with flexible and comprehensive protection of APIs with API security, as well as implementations of API security when API Gateways make calls to your backend or partner APIs.

Sentinet ensures your APIs comply with your strategy for data Privacy, Non-Repudiation and Attack Prevention.

Sentinet provides the easiest way to manage Authentication and Authorization for API calls by supporting all standard and custom security models.

Sentinet secures communications between applications and APIs regardless of the integration environments such as on-premises, cloud or hybrid.

Sentinet supports multiple authentication schemes and security tokens with pass-through and advanced API security mediation scenarios.

Configure API security with authentication policies using Sentinet API Management Portal. Create your policies for REST APIs or SOAP services with required authentication schemes, or use out-of-the-box available policies for your API endpoints.

Sentinet provides API security for multiple communication Protocols and Message Formats

  • REST
  • SOAP
  • SOAP to REST
  • JSON
  • XML
  • Text, binary, custom formats
  • Microsoft Azure Service Bus

Sentinet supports all standard and custom Authentication Schemes

  • Username/Password
  • X.509 Certificates including mutual SSL
  • OAuth and OpenID Connect
  • Cryptographic API Keys
  • Windows Kerberos and NTLM
  • Windows Active Directory Group membership
  • Microsoft Azure Active Directory
  • WS-Security for SOAP
  • SAML 1.1, 2.0
  • Extensibility for custom authentication

Authorization and Access Control

Early protection of APIs with authorized access is a vital element of any API Security. Sentinet offers unique capability to easily combine API Authorization logic with granular Access Control by using comprehensive Access Rules.

Access Rules Designer

Sentinet provides a graphical Access Rules Designer to secure REST APIs and SOAP services with either simple or complex Access Rules. Access Rules implement authorization logic that may include multiple diverse access validation criteria such as specific user or application identity(ies), Role-based access control, messages format, messages content, date/time schedules, rate limits, access patterns and many other criteria, which all can be combined to implement comprehensive Access Control logic. The Access Rules designer can be easily extended with literally any custom authorization logic using Sentinet extensibility features.

Access Rules Designer

Instantly create custom Access Rules which combine different API access validation criteria using drag-and-drop user interface of the Access Rules Designer.

Sentinet provides flexible Access Rules configurations using multiple validation criteria based on

  • Username/Password
  • X.509 certificate
  • JWT or SAML claims
  • Windows Identity
  • Windows Group membership
  • Url validation
  • HTTP Header validation
  • HTTP Method validation
  • Client IP address(es) validation
  • Rate Limits
  • Date/Time schedule
  • Messages content validation
  • Custom validation logic

Using Access Rules

Access Rules are reusable components stored in the Sentinet API Catalog. They can be assigned to more than one REST API or a SOAP service, and more than one Access Rule can be assigned to an API or a service. Drag-and-drop Access Rules to secure your API with authorization logic in just a few seconds.

Assign Access Rules to an API’s Access Control in just few seconds using drag-and-drop user interface.

Reduce Security and Compliance Risk

Sentinet API Management Portal provides 360 degrees view and impact analysis on how your security Policies and Access Rules are applied across all of your APIs or specific groups of APIs. Compliance to designed policies significantly reduces API security risks and ensures your API integrations follow adopted strategies.