Access Control & Security
Don’t lock your API down. Set it free with centralized traffic and policy control
- Authenticate traffic and drop unwanted calls
- Package your API by creating access tiers
- Impose rate limits and generate overage alerts
How do you manage your API? Who gets access? Can you establish and control different levels of access for different types of users? Can you control what different applications can do with it?
Access control is the essential first step to making sure only API calls with valid, successfully authenticated credentials are able to access your API. If you need to, you can also classify different types of users and provide a variety of business services. Application plans help you control what can be done with your API. And finally, rate limits allow you to manage and control the flow.
Secure your API:
3scale gives you a variety of standard options for API authentication and security, which can be used alone or in combination to issue credentials and control access:
- Standard API keys
- Application ID and key pair
- OAuth v1.0 and 2.0
Additional custom options, such as IP address or domain whitelisting, are available on some plans for customers with more complex security needs.
A centralized dashboard makes it easy to issue and revoke credentials as needed and drop unwanted API calls on the fly, allowing you to protect back-end services.
3scale’s access control features go beyond basic security and authentication. Application and account plans let you restrict access to specific endpoints, methods, and services and apply access policy easy for groups of users. Tiered access levels make it easy to monetize your API with paid plans.
Application plans allow you to set rate limits for API usage and control traffic flow for groups of developers. Set per-period limits for incoming API calls to protect your infrastructure and keep traffic flowing smoothly. Automatically trigger overage alerts for applications that reach or exceed rate limits, and define behavior for over-limit applications. Rate limits can be applied to paid plans, and plans can be configured to charge an additional high-volume fee for calls above and beyond the rate limit.