API security is now in vogue as 75% of the Fortune 500 will have APIs by 2014 and architects must have enterprise grade security controls in place. The primary digital mode of engagement between businesses and their customers, partners, and even employees is through apps. To deliver services via apps, most businesses develop application programming interfaces (APIs) that support machine-to-machine interactions over web protocols such as HTTP.
APIs bring data to both native mobile apps and web mobile applications, but this is just the beginning. For the Enterprise, APIs need to be reliable, scalable, and most importantly secure. API Security involves designing APIs with the proper trust, threat, and data level controls designed in a way that avoids the pitfalls of 'coded-in' security.
The path to API security, reliability, and scalability comes through an API gateway design pattern, deployed by a network edge gateway, called the Intel® Expressway API Manager. API Manager acts as a control point between enterprise IT infrastructure and the outside world accessed through APIs, including the cloud.
The gateway maintains API security and manages volume and complexity as you expose enterprise applications for mobile or partner consumption. The gateway manages perimeter defense, scanning messages for malicious content, performing authentication and authorization, throttling traffic, and scanning for data leaks on API responses sent back to apps running on potentially un-trusted devices. It can also protect data using field-level encryption on JSON content sent to mobile devices. Complete data level protection and authentication safeguards data at the network edge, reducing development costs and mitigating API security risks.