API Security

APIs, or Application Programming Interfaces, are sets of rules, protocols, and tools that allow different software applications or systems to communicate with each other. APIs play an important role in protecting sensitive data by enforcing access controls, authentication, and encryption, ensuring that only authorized entities can access and transmit confidential information securely.

APIs work as the backend framework for mobile and web applications. Therefore, it is critical to protect the sensitive data they transfer. API security refers to the practice of preventing or mitigating attacks on APIs.

In API security, a gateway acts as the entry point for all requests to your API endpoints and ensures secure and reliable access to all API endpoints and microservices in your system.

To secure your APIs, do the following steps:

The following image describes how the API Security in NetScaler Console receives the client request and sends the response from the back-end API services:

API security architecture

Note:

In NetScaler Console, this feature is available to users who have Premium or Advanced licenses.

Benefits of API Security

API Security provides the following benefits:

  • Secures your API endpoints: API Security adds a security layer that protects your API endpoints and back-end API servers from attacks such as:

    • Buffer Overflow
    • SQL injection
    • Cross-site scripting
    • Denial of Service (DoS)
  • Monitors and improves the API performance: The API Security provides services such as SSL offloading, Authentication, Authorization, Rate limiting, and more. These services increase the API performance and its availability.

    The API analytics give you visibility into your API performance metrics and threats to your API endpoints. For more information, see View API analytics.

  • Manages the API traffic: The API Security abstracts the complexity of your back-end API infrastructure.

  • Discovers API endpoints: API Security discovers the API endpoints in your organization and adds them to the API Discovery page.

Grant API Security configuration and management permissions

As an administrator, you can create an access policy to grant user permissions for API Security configuration and management. The user permissions can be view, add, edit, and delete. Do the following to grant permissions:

  1. Navigate to Settings > User & Roles > Access policies.

  2. Click Add.

  3. In Create Access Policies, specify a policy Name and the description.

  4. In the Permissions field, expand Applications and then API Security.

  5. Select the required API Security pages. Then, select the permissions that you want to grant.

Grant API Security management permissions

Important:

Ensure that you grant permissions for the features that are necessary to use API Security. For example, if you grant user access to the Deployments page, the following features also require user access:

  • StyleBooks
  • IPAM
  • Load Balancing (Under Network Functions)
  • Content Switching (Under Network Functions)
  • Device API Proxy (Under API)

For more information about access policies, see Configure access policies on NetScaler Console.
