API Access Control: Authentication, Authorization and Identity Propagation
API Access Control restricts access to APIs based on user or client roles and prevents unauthorized access to sensitive data. 42Crunch allows developers to define what actions each user role can perform within an API.
Control who or what can access your API
42Crunch prevents the incorrect implementation of authentication controls. Compromised authentication tokens are a common attack path: attackers exploit implementation flaws to assume users' identities temporarily or permanently. Compromising a system's ability to identify the client or user compromises API security overall.
Avoiding API Authentication and Authorization Vulnerabilities
Authentication enforcement starts at design time by preventing the deployment of APIs with weak authentication schemes. OAuth2 authorization server endpoints are also protected so that they only allow specific grant types, enforce scope values, and limit access token lifetimes. At runtime we validate the JSON Web Token (JWT) according to RFC 8725.
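As an added illustration of what RFC 8725-style JWT validation means in practice (example code written for this page, not 42Crunch's implementation), the verifier below pins the algorithm instead of trusting the token's `alg` header, rejects unsigned tokens, checks the signature with a constant-time comparison, and validates `iss`, `aud` and `exp`. The key, issuer and audience values are constructed for the demo.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key; a real deployment loads this from a secret store.
DEMO_KEY = b"constructed-demo-key-not-for-production"

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_hs256_jwt(claims, key=DEMO_KEY, alg="HS256"):
    """Build a demo token; `alg` is a parameter only so a test can craft an unsigned token."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(key, signing_input, hashlib.sha256).digest() if alg == "HS256" else b""
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def verify_jwt(token, key, expected_iss, expected_aud, now=None, skew=30):
    """Return (claims, None) on success or (None, reason) on failure."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None, "malformed token"
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:
        return None, "undecodable token"
    # RFC 8725 section 3.1: the verifier decides which algorithm is acceptable;
    # the token's own `alg` header is never used to pick the verification method.
    if header.get("alg") != "HS256":
        return None, f"algorithm not allowed: {header.get('alg')!r}"
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None, "bad signature"
    # Issuer and audience are validated before any claim is trusted.
    if payload.get("iss") != expected_iss:
        return None, "wrong issuer"
    aud = payload.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        return None, "wrong audience"
    # `exp` is mandatory here; a small clock skew is tolerated.
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + skew:
        return None, "expired or missing exp"
    return payload, None
```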
Automatically Enforce API Access Control at Design & Runtime
At runtime, 42Crunch ensures that only the verbs and paths defined in the OpenAPI contract can be called. At design time, our audit discovery mechanisms in the CI/CD pipeline uncover shadow APIs and automatically audit and report them.
Philippe De Ryck
Standards such as OAuth 2.0 and OpenID Connect rely heavily on JSON Web Tokens (JWTs) for sensitive features such as authentication and authorization. Industry expert Philippe De Ryck explains how to avoid security pitfalls.