Introduction
Published APIs can be protected strongly by configuring their OpenAPI specification in Airlock Microgateway. HTTP requests and responses are then checked against that specification, and any request or response that violates it is blocked before it reaches the backend or the client.
The illustration shows the filtering engine, which reads the OpenAPI specification at startup and validates the HTTP requests and responses against it.
Such a setup has the following advantages:
- Enforcing a tight OpenAPI specification reduces the attack surface significantly: only the documented paths, methods, parameters, and body structures are let through, and everything else is rejected at the gateway. The guarantee is only as strong as the specification itself; a schema that leaves types, patterns, lengths or `additionalProperties` unconstrained accepts almost anything.
- OpenAPI specifications are typically generated in an automated way by the API build pipeline. No reverse-engineering by security personnel is required, and a DevSecOps process can be established in which the specification is versioned and deployed together with the API.
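The following is an added illustration, not code from Airlock or from this documentation: a deliberately small, hypothetical request validator that implements a subset of the OpenAPI 3 / JSON Schema rules (paths, methods, media type, `required`, `type`, `pattern`, `maxLength`, `additionalProperties`). It runs the same constructed requests against a tight specification and a loose, constraint-free one of the kind a build tool may emit by default, to show why the tightness of the specification decides what the filtering engine actually blocks. The specification fragments and request bodies are constructed for the example.

```python
"""Toy OpenAPI request validator (added example, not Airlock's engine).

Implements only a subset of OpenAPI 3 / JSON Schema, enough to show how a
filtering engine decides whether a request conforms to the specification.
"""
import json
import re


def spec_for_post_users(schema):
    """Wrap a body schema in the minimal OpenAPI 3 structure for POST /users."""
    return {"paths": {"/users": {"post": {"requestBody": {"content": {
        "application/json": {"schema": schema}}}}}}}


# Constructed tight specification: closed object, constrained strings.
TIGHT_SPEC = spec_for_post_users({
    "type": "object",
    "required": ["username", "email"],
    "additionalProperties": False,
    "properties": {
        "username": {"type": "string", "pattern": r"^[a-z0-9_]{3,16}$"},
        "email": {"type": "string", "maxLength": 64,
                  "pattern": r"^[^@\s]+@[^@\s]+$"},
    },
})

# Constructed loose specification: same endpoint, but no required list,
# no patterns and additionalProperties left at its default (true).
LOOSE_SPEC = spec_for_post_users({
    "type": "object",
    "properties": {"username": {"type": "string"},
                   "email": {"type": "string"}},
})

# Constructed sample request bodies.
VALID_BODY = '{"username": "alice_01", "email": "alice@example.com"}'
MASS_ASSIGN_BODY = ('{"username": "alice_01", "email": "alice@example.com",'
                    ' "role": "admin"}')          # extra field not in spec
INJECTION_BODY = '{"username": "alice\' OR 1=1--", "email": "a@b"}'


def validate_value(value, schema, where="body"):
    """Return a list of violations of `value` against the schema subset."""
    errors = []
    kind = schema.get("type")
    if kind == "object":
        if not isinstance(value, dict):
            return [f"{where}: expected object"]
        props = schema.get("properties", {})
        for name in schema.get("required", []):
            if name not in value:
                errors.append(f"{where}.{name}: required property missing")
        for name, item in value.items():
            if name in props:
                errors += validate_value(item, props[name], f"{where}.{name}")
            elif schema.get("additionalProperties", True) is False:
                errors.append(f"{where}.{name}: property not in specification")
    elif kind == "string":
        if not isinstance(value, str):
            return [f"{where}: expected string"]
        if "maxLength" in schema and len(value) > schema["maxLength"]:
            errors.append(f"{where}: longer than {schema['maxLength']} chars")
        if "pattern" in schema and not re.search(schema["pattern"], value):
            errors.append(f"{where}: does not match pattern")
    return errors


def check_request(spec, method, path, content_type, raw_body):
    """Decide (allowed, reasons) for one request against the specification."""
    path_item = spec["paths"].get(path)
    if path_item is None:
        return False, [f"path {path} not in specification"]
    operation = path_item.get(method.lower())
    if operation is None:
        return False, [f"method {method} not allowed on {path}"]
    content = operation.get("requestBody", {}).get("content", {})
    if not content:  # operation declares no body: any body is a violation
        return (not raw_body), (["unexpected request body"] if raw_body else [])
    media = content.get(content_type)
    if media is None:
        return False, [f"content type {content_type} not in specification"]
    try:
        body = json.loads(raw_body)
    except ValueError:
        return False, ["body is not valid JSON"]
    errors = validate_value(body, media["schema"])
    return (not errors), errors


if __name__ == "__main__":
    cases = [("POST", "/users", "application/json", VALID_BODY),
             ("POST", "/users", "application/json", MASS_ASSIGN_BODY),
             ("POST", "/users", "application/json", INJECTION_BODY),
             ("GET", "/admin", "application/json", "")]
    for name, spec in (("tight", TIGHT_SPEC), ("loose", LOOSE_SPEC)):
        for case in cases:
            allowed, reasons = check_request(spec, *case)
            print(f"{name:5} {case[0]} {case[1]}: "
                  f"{'allowed' if allowed else 'BLOCKED ' + '; '.join(reasons)}")
```

Under the tight specification the extra `role` field and the malformed username are rejected at the gateway, while the loose specification lets both through and only blocks the undocumented path. That difference is the "tight" in the first advantage above: a generated specification that omits `required`, `pattern` and `additionalProperties: false` still blocks unknown endpoints, but not malformed or unexpected data sent to known ones.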