Dynamic Authorization for the Apigee API Gateway
One of the most common API gateways that Axiomatics customers work with is Apigee. This gateway has built-in capabilities for extending authorization, including calling an external authorization service. Apigee can also be extended through custom development.
Axiomatics and Apigee can be configured to apply authorization on APIs. The information an API call returns can be masked or redacted using techniques available in the Axiomatics components and through the custom development capabilities of Apigee.
Key takeaways:
- Core concepts of dynamic authorization for APIs
- Applying policy-based fine-grained authorization for APIs
- Policy-based authorization on the data payload returned by an API call, i.e. masking/redaction of data.
We see the need for dynamic authorization on API gateways for use cases such as new customer portals, augmenting OAuth with ABAC to achieve fine-grained authorization, and building microservices and externalizing authorization.