Layer7 API Management

  • 1.  API hosting server protection

    Posted Oct 04, 2016 03:32 PM

     I have a basic question on how the Layer-7 API management product works. I believe all API URLs are protected in Layer-7 and all API requests go through the Layer-7 gateway, which authenticates the caller and forwards the requests to the API hosting server (based on URI/URL), which returns the API response back to the caller via the gateway. Do we need to install any Layer-7 plug-in or library on the API hosting server? How do we protect against someone calling the API directly by invoking the hosting server (bypassing the Layer-7 gateway) and setting the required headers? Basically, how does the API hosting server ensure that a request came via Layer-7?



  • 2.  Re: API hosting server protection
    Best Answer

    Broadcom Employee
    Posted Oct 04, 2016 06:39 PM

    Good afternoon.

    The gateway does not require an agent or library to be installed on the back-end servers. The Gateway is meant to have requests forwarded through to process, validate, etc. against. This is normally controlled by isolating the back-end environment from direct traffic from both external and internal sources. If this is not feasible, then depending on the back-end technology, you can set up redirect rules or outright denial of access based on the client IP address accessing it, and/or use client mutual authentication that only the Gateway has the private key for and the back-end trusts.

    Sincerely,

    Stephen Hughes

    Director, CA Support
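
The two back-end controls named in the answer above (client IP restriction and mutual TLS with a key only the gateway holds) can be combined on the hosting server. The sketch below is an added example, not part of the original thread and not Layer7 product code; the network range, certificate common name and function names are assumptions chosen for illustration.

```python
import ipaddress
import ssl

# Assumed values for illustration; substitute the gateway's real addresses and cert identity.
GATEWAY_NETWORKS = [ipaddress.ip_network("10.20.0.0/28")]
GATEWAY_CERT_CN = "api-gateway.example.internal"


def build_backend_tls_context(server_cert, server_key, gateway_ca):
    """TLS context for the back-end listener that refuses clients without a certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(server_cert, server_key)
    # Trust only the CA that issued the gateway's client certificate.
    ctx.load_verify_locations(cafile=gateway_ca)
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a valid client cert
    return ctx


def cert_common_names(peer_cert):
    """Extract commonName values from the dict returned by SSLSocket.getpeercert()."""
    names = []
    for rdn in peer_cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    return names


def request_came_via_gateway(peer_ip, peer_cert):
    """Accept only if the source address AND the verified client cert match the gateway.

    Request headers are never consulted: a direct caller can set any header it likes.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    if not any(addr in net for net in GATEWAY_NETWORKS):
        return False
    if not peer_cert:  # getpeercert() gives None or {} when no validated cert exists
        return False
    return GATEWAY_CERT_CN in cert_common_names(peer_cert)
```

On a live connection, `peer_ip` would come from the accepted socket's peer address and `peer_cert` from `getpeercert()` on the TLS socket created with the context above.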