Back when Service Oriented Architectures (SOA) were all the rage and SOAP-based web services were the primary means of integration, there arose a need for SOA Gateways in the market. These solutions offered management, versioning, HTTP routing, and more. What they didn't offer - at least not comprehensively - was security. For that, we saw the rise of SOA Security Gateways.
Today, APIs are all the rage and RESTful, JSON-based services provide the backbone for mobile and cloud-native apps to exchange data. APIs need the same set of services as SOA gateways - including security. But like their predecessors, most API Gateways are focused on business and application-specific capabilities.
API Gateways like 3scale evaluate, transform, and secure messages across an organization. They provide support for versioning, rate limiting, and business-focused functions like integration with payment gateways. Dashboards offer developers a view of performance and usage.
But API Gateways don't necessarily provide comprehensive security coverage. DoS protection, ferreting out malicious content, and blocking bots is the purview of security services like an advanced WAF. By pairing the two, you raise the bar on security and increase confidence in the integrity of your APIs.
This is particularly important considering that 60% of organizations offer a public API (State of API Integration 2018, Cloud Elements) available to any developer. Any developer might be a good thing for opening up opportunity, but it also opens the business to attack by those harboring malicious intent.
F5 has teamed up with 3scale to enable customers to enjoy a comprehensively secure application environment. By layering an F5 Advanced WAF in front of a 3scale API gateway, you can benefit from additional security measures that include the use of IP intelligence to identify threats faster and more accurately, the ability to offer a secure API façade internally or externally, and protection against a variety of application layer attacks.
That's increasingly important as APIs take center stage as the primary means of integration both internally and externally. As noted in a Forbes article in 2018:
The list of high-profile companies that exposed information on customers due to API problems in just the last few months includes online retail giant Amazon, telecom T-Mobile, food retailer Panera Bread and the Black Hat security conference
This is not a list you want to find yourself on, and that's why we partnered with 3scale to bring this solution to market.
You can find out more about how F5 Advanced WAF works with 3scale to protect APIs in this solutions brief.
About the Author
Related Blog Posts
Why sub-optimal application delivery architecture costs more than you think
Discover the hidden performance, security, and operational costs of sub‑optimal application delivery—and how modern architectures address them.
Keyfactor + F5: Integrating digital trust in the F5 platform
By integrating digital trust solutions into F5 ADSP, Keyfactor and F5 redefine how organizations protect and deliver digital services at enterprise scale.
Architecting for AI: Secure, scalable, multicloud
Operationalize AI-era multicloud with F5 and Equinix. Explore scalable solutions for secure data flows, uniform policies, and governance across dynamic cloud environments.
Nutanix and F5 expand successful partnership to Kubernetes
Nutanix and F5 have a shared vision of simplifying IT management. The two are joining forces for a Kubernetes service that is backed by F5 NGINX Plus.
AppViewX + F5: Automating and orchestrating app delivery
As an F5 ADSP Select partner, AppViewX works with F5 to deliver a centralized orchestration solution to manage app services across distributed environments.
F5 NGINX Gateway Fabric is a certified solution for Red Hat OpenShift
F5 collaborates with Red Hat to deliver a solution that combines the high-performance app delivery of F5 NGINX with Red Hat OpenShift’s enterprise Kubernetes capabilities.