API Security

Sentinet secures communications between applications and APIs regardless of the integration environment, whether that is an ESB, Enterprise Applications Integration, or public or private exposure of APIs to business partners.

Sentinet provides managed authentication and authorization for API calls by supporting all standard and custom security models.

Sentinet supports simple security pass-through and advanced security mediation scenarios.

Protocols and Message Formats

  • REST
  • SOAP
  • SOAP to REST transformations
  • Text, binary, custom formats
  • MSMQ
  • Microsoft Azure Service Bus

Authentication Schemes

  • Username/Password
  • X.509 Certificates including mutual SSL
  • Cryptographic API Keys
  • OAuth and OpenID Connect
  • Windows Kerberos and NTLM
  • Windows Active Directory Group membership
  • Microsoft Azure Active Directory
  • WS-* for SOAP
  • SAML 1.1, 2.0
  • Extensibility for custom authentication

Authorization and Access Control

Access Rules Designer

Sentinet provides a graphical Access Rules Designer to secure REST APIs and SOAP services with either simple or complex Access Rules. Access Rules implement authorization logic that may include specific API caller identities, request formats, message content, date/time schedules, access patterns and many other criteria, all of which can be combined using logical operations. The Access Rules Designer can be easily extended with literally any custom authorization logic using Sentinet extensibility features.

Using Access Rules

Access Rules are reusable components stored in the API Repository. They can be assigned to more than one REST API or SOAP service, and more than one Access Rule can be assigned to an API or a service. Drag and drop Access Rules to secure your API with authorization logic in just a few seconds.