API Security Gateway Sample Clauses
API Security Gateway. The API Security Gateway (ASG) acts as the Policy Enforcement Point (PEP) for the synchronous HTTP- based APIs exposed by the integration flows created by users in the IFE. It connects to the Security Portal for making authentication and authorization decisions. The ASG can also provide permanent reverse proxy endpoints for the services that do not have fixed/permanent API endpoints. Moreover, the ASG can be used to secure communication to the HTTP-based APIs of other components deployed in the same internal network, such as the Service Registry. Finally, the ASG automates the process of creation of secure proxy endpoints for the services registered in the Service Registry.
API Security Gateway. The ASG can be realised using Apache APISIX. Apache APISIX is a cloud-based microservices API gateway that delivers performance, security, and an open-source and scalable platform for APIs and microservices. It can be used as a traffic entrance to process all business data, including dynamic routing, dynamic upstream, dynamic certificates, A/B testing, canary release, blue-green deployment, limit rate, defence against malicious attacks, metrics, monitoring alarms, service observability, service governance, etc. Compared with the traditional API gateways, APISIX has dynamic routing and plug-in hot loading, which is especially suitable for API management under microservice systems. In addition, Apache APISIX supports delegating the authentication and authorization decisions to an external identity provider.