Why you need powerful API protection

Fifty percent of businesses experience data breaches
540 million Facebook user records were exposed
One billion Indian residents were exposed to identity theft

Deliver high-speed performance without sacrificing security

Security for IBM API Connect® is built on the powerful IBM DataPower® Gateway, which was developed on a foundation of performance. With more than 2,000 clients and 15 years of success in mission-critical environments, DataPower Gateway is one of the most resilient, feature-rich, performant and secure gateway platforms on the market.

While DataPower Gateway is the ultimate enforcer at runtime, API Connect’s built-in security includes the ability to set up access control for both API providers and consumers by using role-based permissions, API packaging constructs, and subscription and community management.

Get ten times increased performance with a natively built API security gateway

When it comes to security, DataPower Gateway has you covered

Complete

Using C++ for a single, signed, encrypted image, DataPower Gateway is trusted by defense departments and banks worldwide. Competitors use Java™-based gateways, which can leave you open to hacks.

Efficient

With DataPower Gateway, there’s a single gateway, so you get more powerful security in one simple package. Other solutions introduce complexity with multiple gateways, causing extra work and expense.

Reliable

DataPower Gateway can achieve up to 30,000 TPS* and we proudly publish its performance across both simple and robust policy use cases for transparency where competitors don’t. *on the appliance

Get to know a leading security platform

DataPower Gateway is a purpose-built gateway platform that centralizes common security, traffic, mediation and acceleration functions, and optimizes them in a security-hardened gateway stack. It comes with advanced drag-and-drop security policies to help protect against threats, authenticate users and applications, and ensure only the right parties access your data.

Specifically, the platform includes rate-limiting to help prevent overload of your systems of record, mediation policies to transform data — from JSON to XML, for example — and traffic management policies to intelligently route incoming traffic to the correct services. It can run natively in IBM CloudTM or anywhere OVA or Docker files can be installed, including third-party public clouds like Amazon Web Services, Microsoft Azure and Google Cloud Platform, and on-premises data centers and private clouds like IBM Cloud Private and standard Kubernetes.

How an API security gateway works as a secure gate between traditional systems of record and end users

API Connect offers multiple levels of security

Open Authentication (OAuth)

More about OAuth

OAuth is a token-based authorization protocol that allows third-party websites or applications to access user data without requiring the user to share personal information. This can help enhance security for application users and developers as well as for you as the API provider.

Transport Layer Security (TLS)

More about TLS

API Connect employs enhanced TLS profiles, such as ciphers, for fine-grained control in securing transmission of data through websites, hindering hackers from tampering with information you submit.

Enterprise user registry authentication

More about user registries

API Connect supports a variety of user registry types for authenticating users and securing APIs, including LDAP directory, authentication URL, SCIM and local user registry.

Securing APIs in the credit card industry

Credit card companies deal with highly sensitive customer information that is useful to organizations in other industries. To manage who has access to APIs that contain personal details while managing compliance, the companies need a powerful API security solution. API Connect offers multi-layered security and can move information through a single gateway using some of the highest levels of encryption.

Credit card companies can protect customers from data exposure with API gateway security

The DataPower Gateway devices handle all inbound traffic and act as a first line of defense for our enterprise.

  • Jagadish Vemugunta
  • Lead Technical Architect
  • Availity
  • Learn more

Secure your APIs with DataPower Gateway, integrated into API Connect

An intuitive, graphical interface helps manage API security

Use a graphical user interface, or the simple design view, to manage your API security.
Manage security settings with a source-code interface

You can also handle your detailed security needs using source code through the source view.
Assemble security details with drag-and-drop tools

Manage security using drag-and-drop tools or IBM GatewayScript in the assemble view.
Choose from among security authentication options

Choose your authentication — from basic with API keys to modern third-party OAuth.
An intuitive, graphical interface helps manage API security

Use a graphical user interface, or the simple design view, to manage your API security.

Manage security settings with a source-code interface

You can also handle your detailed security needs using source code through the source view.

Assemble security details with drag-and-drop tools

Manage security using drag-and-drop tools or IBM GatewayScript in the assemble view.

Choose from among security authentication options

Choose your authentication — from basic with API keys to modern third-party OAuth.

Go deeper into DataPower Gateway

DataPower Gateway for developers

Explore DataPower Gateway topics for developers within the forum, on the blog, in GitHub, and with videos — or get started on Docker for free.

Visit the site

OAuth on appliance

Get an introduction to OAuth and the role DataPower plays as a policy enforcement point, authorization and token endpoint with OAuth architectures.

Go to the series

DataPower user community

Discover the topics that actual DataPower users are discussing. Read the latest posts, browse discussion threads or scan use cases in the library.

See the community

Get started with API Connect

Take control of your API ecosystem while propelling your API strategy forward. API Connect is a market-leading API management solution for automated API creation, simple asset discovery, self-service developer access and built-in security and governance.

Get started

Accelerate productivity with powerful products that work with API Connect.

Try these related products

IBM MQ

The industry’s most complete hybrid integration platform with all of IBM’s market-leading integration software

IBM DataPower Gateway

A single, purpose-built gateway to secure, control and accelerate API, mobile, IoT and cloud workloads

IBM App Connect

The powerful all-in-one tool for easily connecting apps, integrating data, building APIs and acting on events

Footnotes

¹ The Forrester Wave: Cybersecurity Incident Response Services, Q1 2019, by Josh Zelonis, 18 March 2019; https://www.ibm.com/downloads/cas/KE05GBKV (477 KB)

² The Telegraph, “Millions of Facebook user records exposed in data breach,” by Margi Murphy, 3 April 2019; https://www.telegraph.co.uk/technology/2019/04/03/millions-facebook-user-records-exposed-data-breach/ (link resides outside ibm.com)

³ Business Insider, “The 21 scariest data breaches of 2018,” by Paige Leskin, 30 December 2018; https://www.businessinsider.com/data-hacks-breaches-biggest-of-2018-2018-12#1-aadhar-11-billion-21 (link resides outside ibm.com)