API | An application programming interface (API) is an interface or communication endpoint that defines how software components interact. Concerning the Airlock Gateway (WAF), we use the term API to denote a set of service endpoints (e.g. a set of REST endpoints). |
API key | An API key is a string passed by the Tech-Client (API client) to an API endpoint or API gateway. The key uniquely identifies the Tech-Client and is part of every request. |
API Policy Service | The API Policy Service is an Airlock IAM service called by the Airlock Gateway (WAF) to get information about Tech-Clients given an API key. |
Plan (API Plan) | An API plan is a template for API access restrictions encompassing access control, rate limit and quota information. A plan is typically assigned to a Tech-Client so that requests sent by the Tech-Client can be checked against the restrictions of the plan. |
Quota | A limit on the number of requests during a long time period such as a month or a year. To check a quota, request counters are persisted. Quotas are used for API monetization. Example: 10 m requests/month. For limits over a short period such as seconds, we use the term rate limit. |
rate limit | A limit on the number of requests during a short time. A rate limit can be checked at runtime without persistence. It is used to protect against overload and in API monetization. Example: 10 requests/second. For limits over a long period such as days or weeks, we use the term quota. |
Tech-Client | A technical API client such as a REST client. A Tech-Client is an identity used by a piece of software using a service API. A Tech-Client can be part of another service (e.g. the webserver of a fintech company) or a client software operated by the user (e.g. smartphone app). |
tenant | Data owner concept where a user of the Airlock Gateway is limited to tenancy-typical actions and data access. Basically, this means that users with tenant rights are isolated from other tenant users on the Airlock Gateway. |
tenant | Airlock IAM supports two concepts to segregate users: Tenant and Realm. In the tenant concept, multiple IAM instances share one database schema in order to save costs if database pricing is schema-based. |
Throttling | The act of applying a rate limit (in the Airlock Gateway). Limits the number of requests per second (or another short time period) by rejecting excess requests. |