By Tanu Sood-Oracle on May 15, 2013
Author: Sid Mishra
The Application Programming Interface (API) is an emerging technology trend for integrating applications using web technology. Adopting a cloud-based computing approach with an API-based model results in greater operational efficiencies and lower costs than many traditional IT deployments. The approach is gaining popularity because it is based on well-understood techniques and leverages existing infrastructure. APIs and traditional services in a SOA model have a 1:1 relationship: an API is the interface of a service. Services are about the implementation and are focused on the provider, while an API is about using the functionality and is focused on the consumer.
However, as with any new technology, security is often a major inhibitor to adoption. A computing model based on cloud service consumers or subscribers raises concerns over visibility into these services, reduced control over security policies, new threats facing shared deployment environments, and the complexity of demonstrating compliance. It can also be a mistake to think APIs should be secured using the same methods and technology used to secure the conventional browser-centric web. While it is true that APIs share many of the same threats as the web, and that consistent, centralized access control is a growing pain point for most deployments, APIs are fundamentally different from web sites and have a unique risk profile that must also be addressed.
Oracle API Gateway, a standards-based, policy-driven, standalone software security and API management solution, provides a first line of defense in Service-Oriented Architecture (SOA) and cloud environments. It enables organizations to securely and rapidly adopt Cloud, Mobile and SOA Services by bridging the gaps and managing the interactions between all relevant systems. As a central access control point, Oracle API Gateway manages how internal users and application assets are exposed to outside cloud offerings and reduces cloud-related security risks. It allows enterprises to leverage their existing Identity and Access Management investments by extending authentication, authorization and risk policies to mobile, cloud and enterprise applications – without requiring changes to back-end applications and services. As a Mobile Access Gateway, Oracle API Gateway simplifies the process of adapting internal data, application and security infrastructure for mobile use. It provides a centralized way to control security and management policies for information assets exposed via internet APIs to mobile applications and developers.