APPLICATION PROGRAMMING INTERFACE WALL
First Claim
1. An application programming interface (API) call filtering system to filter API call requests received, via a network, from a device that is network-connected and configured to run endpoint application hardware and/or software, to secure an API service that accepts API call requests and provides API call responses thereto, the system comprising:
- at least one computing device configured to implement one or more services, wherein the one or more services are configured to:
a) monitor, at an API filter, API call requests received from an endpoint application directed to a server configured to provide, at least in part, the API service;
b) monitor authentication methods of the API call requests;
c) compile authentication information related to the authentication methods;
d) compile performance indicators of the API call requests;
e) analyze the compiled performance indicators;
f) create at least one report based at least in part, on the analyzed performance indicators and compiled authentication information;
g) modify an authentication method of at least one API call request in response to a security team input following an output of the at least one report, to form a modified API call request that is processable by the server as the server is configured for the API call requests, wherein modifying an authentication method comprises, for at least some API call requests, creating a requirement that the at least one API call request satisfy an authentication test that the at least one API call request would not have otherwise had to satisfy; and
h) send the modified API call request to the server.
3 Assignments
0 Petitions
Abstract
Application programming interfaces (APIs) can be unintentionally exposed and allow for potentially undesirable use of corporate resources. An API call filtering system configured to monitor API call requests received via an endpoint and API call responses received via a supporting service of an API or web service. The API call filtering system enables enterprises to improve their security posture by identifying, studying, reporting, and securing their APIs within their enterprise network.
116 Citations
30 Claims
1. An application programming interface (API) call filtering system to filter API call requests received, via a network, from a device that is network-connected and configured to run endpoint application hardware and/or software, to secure an API service that accepts API call requests and provides API call responses thereto, the system comprising:
- at least one computing device configured to implement one or more services, wherein the one or more services are configured to:
a) monitor, at an API filter, API call requests received from an endpoint application directed to a server configured to provide, at least in part, the API service;
b) monitor authentication methods of the API call requests;
c) compile authentication information related to the authentication methods;
d) compile performance indicators of the API call requests;
e) analyze the compiled performance indicators;
f) create at least one report based at least in part, on the analyzed performance indicators and compiled authentication information;
g) modify an authentication method of at least one API call request in response to a security team input following an output of the at least one report, to form a modified API call request that is processable by the server as the server is configured for the API call requests, wherein modifying an authentication method comprises, for at least some API call requests, creating a requirement that the at least one API call request satisfy an authentication test that the at least one API call request would not have otherwise had to satisfy; and
h) send the modified API call request to the server.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
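The monitor, report and modify loop of claim 1, as an added Python example that is not part of the patent or of any product: `ApiWall`, `Call`, the `X-Wall-*` headers and the HMAC token check are constructed stand-ins for the claimed API filter, its performance indicators and the added authentication test that an endpoint is made to satisfy after security-team input.

```python
import hashlib
import hmac
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

@dataclass
class Call:
    path: str
    auth: Optional[str]   # raw Authorization header, e.g. "Bearer <token>", or None
    latency_ms: float
    status: int

class ApiWall:
    """Hypothetical in-line filter: observe calls, report on them, enforce operator policy."""
    def __init__(self, shared_secret: bytes):
        self.secret = shared_secret
        self.calls = defaultdict(list)   # path -> [Call]
        self.policy = {}                 # path -> "require_token" (security-team input)
    def observe(self, call: Call) -> None:
        self.calls[call.path].append(call)
    def report(self) -> dict:
        """Per-endpoint authentication methods seen plus performance indicators."""
        out = {}
        for path, calls in self.calls.items():
            methods = defaultdict(int)
            for c in calls:
                methods[((c.auth or "").split() or ["none"])[0]] += 1
            out[path] = {
                "count": len(calls),
                "auth_methods": dict(methods),
                "unauthenticated_pct": round(100 * methods.get("none", 0) / len(calls)),
                "mean_latency_ms": round(sum(c.latency_ms for c in calls) / len(calls), 1),
                "error_rate": round(sum(c.status >= 400 for c in calls) / len(calls), 2),
            }
        return out
    def token_for(self, client: str, path: str) -> str:
        """Credential the wall issues to a client for a path (a minimal stand-in for a real test)."""
        return hmac.new(self.secret, f"{client}:{path}".encode(), hashlib.sha256).hexdigest()
    def filter(self, path: str, headers: dict) -> tuple:
        """Return (forward, headers_to_send). Under "require_token" the request must pass an
        HMAC check it would not otherwise face; what is forwarded stays in the server's format."""
        if self.policy.get(path) != "require_token":
            return True, dict(headers)
        client = headers.get("X-Wall-Client", "")
        if not hmac.compare_digest(headers.get("X-Wall-Token", ""), self.token_for(client, path)):
            return False, {}   # fails the added authentication test: not forwarded
        fwd = {k: v for k, v in headers.items() if k != "X-Wall-Token"}
        fwd["X-Wall-Verified"] = client   # server sees a header it can ignore or honour
        return True, fwd
```

The report is what a security team would act on (for example, an endpoint showing a high unauthenticated share), and `policy[path] = "require_token"` is the operator input that turns on the extra test for that path only.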
11. (canceled)
12. A non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by one or more processors of a computer system, wherein the computer system is an application programming interface (API) wall, cause the computer system to at least:
- identify, at an API wall, API call requests for a web service, the API call requests transmitted from an endpoint to a server, wherein the server is a component of an enterprise network;
identify, at the API wall, API call responses transmitted from the server;
collect business intelligence related to the API call requests and the API call responses, the business intelligence including statistics and properties of the endpoint;
compile a report, the report including statistics, analysis, and/or recommendations related to the API call request;
create, via the API wall, a dashboard including information related to API use across the enterprise network; and
provide, via the API wall, control mechanisms for modifying access to an API, limiting access to the API, creating access control lists (ACLs), and enforcing ACLs, wherein control mechanisms operate in response to security team inputs following output of the report, wherein modifying access comprises modifying an authentication method of at least one API call request that, for at least some API call requests, creates a requirement that the at least one API call request satisfy an authentication test that the at least one API call request would not have otherwise had to satisfy.
View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
21. A computer-implemented method for filtering application programming interface (API) calls in a secured network environment, the computer-implemented method, comprising:
- under control of one or more computer systems configured with executable instructions,
a) receiving, at an API call filter, an API call request from an endpoint directed to a server in an enterprise network;
b) determining, at the API call filter, whether a to-be-sent API call request will be the original API call request or a modified API call request, wherein the to-be-sent API call request is to be sent to a secured API supporting service, wherein the secured API supporting service provides at least one API to access a business unit of the enterprise network, and wherein determining is based on operator inputs;
c) sending the to-be-sent API call request to the secured API supporting service; and
d) transmitting, over the secured network environment, an API call response to the endpoint.
View Dependent Claims (22, 23, 24)
25. A computer-implemented method for filtering application programming interface (API) calls in a secured network environment, the computer-implemented method, comprising:
- providing an API wall device at a logical perimeter of a secured network;
monitoring, at the API wall device, API calls from a plurality of endpoint apps executing on user devices with the API calls directed to a secured server, wherein the secured server is within the logical perimeter of the secured network and the user devices are outside the logical perimeter of the secured network, and wherein monitoring can occur without requiring advance knowledge of endpoint apps of the plurality of endpoint apps, the API calls, or the secured server;
aggregating statistics over the API calls to form a report relating to the statistics;
outputting the report to a security team tasked with maintaining security for the secured network;
receiving inputs from the security team; and
processing a received API call based on the received inputs from the security team, wherein processing includes modifying an authentication method for at least some API call requests based on the received inputs.
View Dependent Claims (26, 27, 28, 29, 30)