42Crunch Developer First API Security Platform

Protect your APIs from code to production with the click of a button

Audit. Scan. Protect.

The 42Crunch platform provides a set of automated tools to easily secure your entire API infrastructure by describing security in the API contract, and enforcing those policies throughout the entire lifecycle. By delivering security as code you enable a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing the security of your APIs.

Developers initiate the API security process at the time of design 

42Crunch executes 300+ security checks against the API contract, provides detailed security scoring for prioritization, and remediation advice to help developers define the best contract possible. Audit reports are also delivered right to the developer’s IDE, allowing them to easily take action without the need to use specific tools. Therefore, required security is declared instead of developed/maintained manually across multiple tools/environments.

  • Actionable report with zero false positives
  • Available from IDEs and CI/CD pipelines
  • Instant visibility into API security status
  • Governance of corporate security standards


Security scan detects misconfigurations and vulnerabilities at testing time

Once the API contract has reached a satisfactory audit score, 42Crunch will test the live API endpoints to uncover potential vulnerabilities and discrepancies of implementation against the contract. 

  • Ensures implementation is in line with the API contract
  • Early detection of data or exception leakage
  • Continuous tracking of potential vulnerabilities

Protection is automatically applied at deployment time

Finally, the API contract is used to protect APIs using our micro API firewall. The runtime is fully optimized to be deployed and run on any container orchestrator such as Docker, Kubernetes or Amazon ECS. It can protect North-South and East-West microservices traffic. With minimal latency and footprint, it can be deployed against hundreds of API endpoints with minimal impact. 

  • API Firewall is configured in one-click from API contract
  • Contract becomes the allowlist for security
  • No need to guess via AI which traffic is valid
  • No policies to write

API Security by Design

API Native

Addresses unique API security requirements across data validation, authentication, authorization, confidentiality and integrity.

Positive Security Model

The API contract is the core of the security configuration, allowing inbound and outbound traffic to be enforced automatically.

Integrated into CI/CD

Easily push your OpenAPI / Swagger definition to your CI/CD pipeline and automatically audit, scan and protect your APIs.

Micro API Firewall

Thanks to its low footprint & ultra-low latency, 42Crunch micro API Firewall can be deployed at scale on any Docker orchestrator.

Intuitive User Interface

The intuitive interface makes it easy to get started on day one, and provides real-time Security dashboards with actionable data.

Designed for DevSecOps

Enables a seamless DevSecOps experience from API development to deployment through automated processes across all teams.

Platform Features

Learn more about each of the features in the 42Crunch API Security Platform

API Security Audit

42Crunch executes 300+ security checks against the API contract, provides detailed security scoring for prioritization, and remediation advice to help developers define the best contract possible. 


API Conformance Scan

42Crunch Conformance Scan is dynamic runtime testing of your API that ensures the implementation behind your API matches the contract set out in the OpenAPI / Swagger definition of the API.


API Firewall Protection

The 42Crunch Platform moves defense from the network perimeter to defense in depth, directly in front of your APIs. With API Protection, you can protect each API from malicious intent with a micro API firewall.


Ready for DevSecOps

Push your OpenAPI / Swagger definition to your CI/CD pipeline and automatically audit, scan and protect your APIs.

  • At any stage (design, development, testing, runtime), 42Crunch tells you exactly what each security issue is, with its specific location in the OpenAPI / Swagger file, an explanation of the possible exploit scenario and suggested remediation.

  • Cloud-native architecture means that protection can get added to your existing microservice deployments with no extra infrastructure required.

  • No proprietary formats - the platform leverages the industry standard OpenAPI Specification.

  • Hybrid deployment model (management and testing done from the cloud and protection firewall deployed next to your APIs in your current deployment infrastructure) makes getting started and maintaining the system a breeze.
  • 42Crunch gets embedded right into your current tooling: IDEs, code repositories & collaboration platforms, CI/CD - being there right when you need it.

  • Security Audit and Scanning become automated checks ensuring that insecure code never makes it to the master branch and production deployment.

  • Runtime protection policies get automatically redeployed with each API change making sure that you can stay agile without compromising security.
  • 42Crunch dashboards provide a common view of all the projects that the enterprise has, all APIs in them, and the state of security for each and every one of them.

  • All teams: API architects, developers, QA, security, operations – get a shared view of API security, its shared definition, and shared understanding of what needs to be done to improve it.

  • 42Crunch integrates with existing collaborative developer tooling such as GitHub, GitLab, or Azure pipelines.


For Developers

Audit your API contract against 300+ security vulnerabilities. We’ll rank them by severity level and tell you exactly how to fix them, making security a seamless part of your development lifecycle.


For Security

Enforce a zero-trust architecture by ensuring all your APIs meet a set security standard before production, scan the live API endpoints for potential vulnerabilities, and automate redeployment. 


For Operations

Ensure security of all your APIs from design to deployment, get detailed insight about attacks on APIs in production – and protect against threats – without impacting performance.


Deploy Anywhere!

You can use our API firewall to equally protect north-south and east-west traffic. Thanks to its low footprint, it can be deployed at scale on any container orchestrator such as Kubernetes, Amazon ECS or Red Hat OpenShift®.

Our runtime is fully compatible with existing API management solutions or API gateways and with microservices-based architectures. We support the sidecar proxy and gateway deployment models.


Want to learn more? Here are some resources to help you out!

Free Tools

Looking to make OpenAPI / Swagger editing easier in VS Code? Or want to check how secure your API is? Check out our free tools.


#1 API Security Community

Join your security peers and get the industry’s leading API security newsletter every week.


Platform Tutorials

Ready to get started? We have some short video tutorials for audit, scan and protection to help get you up and running as fast as possible.


Ready to Get Started?

Developer-first solution for delivering API security as code.