Published APIs can be protected by configuring the corresponding OpenAPI specification in the Airlock Microgateway.
Even though the Airlock Microgateway default settings work well for most upstream web application services, enforcing a tight OpenAPI specification reduces the attack surface significantly. HTTP requests and responses are checked against the OpenAPI specification and will be blocked in case of a violation.
OpenAPI specifications are typically generated in an automated way by the API build pipeline. No reverse-engineering by security personnel is required and a DevSecOps process can be established.
This CR is not applied on its own: it must be referenced from the ContentSecurity CR so that the OpenAPI validation becomes part of the content security enforced for the upstream application.
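The following manifest set is an added illustration of the wiring described above; it is not taken from the Airlock documentation or from any project. It assumes the `microgateway.airlock.com/v1alpha1` API group with the kinds `OpenAPI` and `ContentSecurity`, a ConfigMap as the source of the specification (`spec.openAPI.source.configMapRef`), and `spec.apiProtection.openAPIRef` as the field through which ContentSecurity points at the OpenAPI CR. Those field paths are written from memory and should be checked against the CRD schema of the installed Microgateway version (`kubectl explain openapi.spec`, `kubectl explain contentsecurity.spec`). The embedded OpenAPI document is a deliberately tight constructed sample: one path, one method, a bounded integer path parameter, a closed request schema (`additionalProperties: false`) and a declared response schema, so that anything outside that contract is a violation.

```yaml
# --- 1. The OpenAPI specification itself, shipped as a ConfigMap (constructed sample).
#        In a DevSecOps setup the build pipeline of the API generates this document.
apiVersion: v1
kind: ConfigMap
metadata:
  name: orders-openapi
  namespace: shop
data:
  openapi.yaml: |
    openapi: 3.0.3
    info:
      title: Orders API
      version: "1.0"
    paths:
      /orders/{orderId}:
        get:
          parameters:
            - name: orderId
              in: path
              required: true
              schema:
                type: integer
                minimum: 1
                maximum: 999999999
          responses:
            "200":
              description: One order
              content:
                application/json:
                  schema:
                    type: object
                    additionalProperties: false
                    required: [id, status]
                    properties:
                      id:
                        type: integer
                      status:
                        type: string
                        enum: [open, shipped, closed]
---
# --- 2. The OpenAPI CR: tells the Microgateway which specification to enforce.
#        Field paths below (spec.openAPI.source.configMapRef) are assumed, see lead-in.
apiVersion: microgateway.airlock.com/v1alpha1
kind: OpenAPI
metadata:
  name: orders-openapi
  namespace: shop
spec:
  openAPI:
    source:
      configMapRef:
        name: orders-openapi   # the ConfigMap from step 1
---
# --- 3. The ContentSecurity CR: without this reference the OpenAPI CR has no effect.
#        spec.apiProtection.openAPIRef is assumed, see lead-in.
apiVersion: microgateway.airlock.com/v1alpha1
kind: ContentSecurity
metadata:
  name: orders-content-security
  namespace: shop
spec:
  apiProtection:
    openAPIRef:
      name: orders-openapi     # the OpenAPI CR from step 2
```

With this in place a request such as `GET /orders/abc` (non-integer path parameter), `POST /orders/1` (undeclared method) or `GET /customers` (undeclared path) violates the specification and is blocked, and a response body carrying a field the schema does not declare is caught on the response side. Because the ConfigMap is the single source of truth, the pipeline that builds the API can regenerate and apply it on every release without anyone having to reverse-engineer the API's contract for the gateway.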