API architecture vulnerability

Question

my web dev team is bringing up concerns about the openness of our API architecture from a Security perspective. I am struggling with the spend and effort associated with implementing an API Manager. The concern is that when we go live with our e commerce platform we will have 150 API’s that are open. To control those we will need to leverage iRules on the F5. &nbsp;
does anyone have a position on how high our risk exposure is and if using the F5 is a feasible approach to API protection at this state. &nbsp;

ekaleido · Answer

How do you want to limit access to these APIs? By IP? Usernames? More details and we can provide a better answer.&nbsp;

jerm1020_254086 · Answer

Probably by IP's but both options are on the table.&nbsp;

vijay_e · Answer

IP based protection is easier. You can just block access to https.&nbsp;

ekaleido · Answer

IP based can be done either by specifying a source in the VIP or by applying a relatively simple iRule that references an IP datagroup. Usernames wouldn't really protect you, the more I think about it, and there are lots of iRule examples for creating "IP whitelists."

Forum Discussion

API architecture vulnerability

4 Replies

Recent Discussions

Unwinding the Benefits of Investing in White Label Crypto Wallet

SMTP profile not visible & showing

About AWAF "Redirect URLs" in "Responses and Blocks"

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

Related Content

Mastering API Architectures Ebook from NGINX

F5 Hybrid Security Architectures (Part 3 - F5 XC API Protection and NGINX Ingress Controller)

F5 Distributed Cloud Web App and API Protection hybrid architecture for DevSecOps

Kubernetes architecture options with F5 Distributed Cloud Services

APIs Everywhere