What is API Gateway Authentication?
Authentication in an API Gateway verifies the identity of clients by checking their credentials, like tokens or API keys. This process ensures that only authorized users can access API functions, protecting your application from unauthorized access and potential security threats.
A Kubernetes API Gateway acts as an intermediary within a Kubernetes environment, providing a single entry point for external requests and routing them to the appropriate microservice. This setup is crucial for managing communication efficiently.
Given the constant threat of network breaches, establishing strong security measures is imperative. The API Gateway serves as the first line of defense, intercepting API requests and securing them through authentication and authorization, among other methods. This not only prevents unauthorized access but also guards against data breaches and other security risks.
Edge Stack Key Security Features
Authentication
One of the most vital ways to secure software is by adding authentication. The core of authentication is checking a user’s credentials against a known entity and sending back a credential for the user to send in subsequent requests, whether that’s a JWT, a session cookie, etc.
Edge Stack has an enhanced API gateway authentication feature that secures access to your services and integrates with popular identity providers. With it, you can also declare access control policies and control who has access to specific services.
WAF Integration
Edge Stack comes fully equipped with a Web Application Firewall solution (commonly referred to as WAF) that is easy to set up and can be configured to help protect your web applications by preventing and mitigating many common attacks.
Read the Docs:
How to set up a WAF using Edge Stack
Configuring Web Application Firewall rules
Rate Limiting
Rate limiting is a powerful technique to improve the availability and resilience of your services. Edge Stack features a built-in Rate Limit Service (RLS). Edge Stack RLS uses a decentralized configuration model that lets individual teams manage rate limits independently.
Transport Layer Security (TLS)
Edge Stack, the Kubernetes API Gateway, enables automatic TLS setup via ACME integration and serves multiple Hosts behind a single IP address, each with its own certificate.
Read the Docs:
How Transport Layer Security (TLS) works
Setting up Server Name Indication (SNI) with Edge Stack
External Filter
Filters extend Edge Stack so that it can modify or intercept a request before it is sent to your backend service. The most common use case for Filters is authentication, and Edge Stack includes a number of built-in filters for this purpose.
Edge Stack also supports developing custom filters, which let you execute custom logic, inspect or validate an incoming request, and modify headers and response codes.