API Protection Micro API Firewall

In previous tutorials, we covered static analysis with the API security audit and dynamic testing with conformance scan. Now it’s time to discuss protection: the Protection function provides real-time protection of live APIs.

Protection Overview

You put our API Firewall in the line of traffic. It’s an extremely efficient piece of software that we ship as a Docker image. It is written in C, highly optimized, less than 20 megabytes in size, and adds sub-millisecond overhead.

When put in the line of traffic, our API Firewall uses your secure OpenAPI definition as both the allowlist and the policy. Essentially, it enforces the contract on all API calls and all responses (data coming in, data going out). Therefore, no call will get to your code if it’s outside of your contract, and no response will be sent back if it’s not expected.
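A minimal sketch of the contract-as-allowlist idea described above, added here as an illustration; it is not 42Crunch code and does not reflect how the firewall is implemented. The `CONTRACT` dictionary is a constructed stand-in for an OpenAPI definition, and `check_request` and `check_response` are hypothetical names.

```python
import re

# Constructed stand-in for one OpenAPI operation (illustrative, not a real API).
CONTRACT = {
    ("GET", "/users/{id}"): {
        "path_params": {"id": re.compile(r"[0-9]{1,9}")},
        "query": set(),  # no query parameters declared
        "responses": {200: {"id": int, "name": str}, 404: {"error": str}},
    },
}

def _match(method, path):
    """Find the declared operation for this method and path, plus its path parameters."""
    for (m, template), op in CONTRACT.items():
        t_parts, p_parts = template.split("/"), path.split("/")
        if m != method or len(t_parts) != len(p_parts):
            continue
        params = {}
        for t, p in zip(t_parts, p_parts):
            if t.startswith("{") and t.endswith("}"):
                params[t[1:-1]] = p
            elif t != p:
                break
        else:
            return op, params
    return None, None

def check_request(method, path, query):
    """Allow a request only if every part of it is declared in the contract."""
    op, params = _match(method, path)
    if op is None:
        return False, "operation not in contract"
    for name, value in params.items():
        if not op["path_params"][name].fullmatch(value):
            return False, f"path parameter '{name}' violates schema"
    if set(query) - op["query"]:
        return False, "undeclared query parameter"
    return True, "ok"

def check_response(method, path, status, body):
    """Allow a response only if its status and exact property set are declared."""
    op, _ = _match(method, path)
    if op is None or status not in op["responses"]:
        return False, "response not in contract"
    schema = op["responses"][status]
    if set(body) != set(schema) or any(type(body[k]) is not t for k, t in schema.items()):
        return False, "response body violates schema"
    return True, "ok"
```

The response check is what stops a handler from returning a field the contract never declared, such as an internal attribute added to the user object by mistake.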

To enable Protection, first click on Protect API.

Generating a Token

The next step is to generate a token. (1) Click on Protection Tokens > (2) Create Token > (3) Enter a name > (4) Click Generate Token.

You then copy the token. For security reasons, once you copy the token and close the window there is no way to retrieve it again.

Deployment Docs

You will then need to configure your network to pass all the API calls and responses through the 42Crunch API Firewall. Click on Deploy Your APIs to follow the proper documentation related to your current deployment.

Navigating the Report

All actual security issues are scored based on the risk involved. The greater the risk, the higher the score (priority). You can filter issues by priority or category, or view all found issues as a list. You can also search for specific issues both in ‘All Issues’ and in each individual category.

You can immediately start fixing issues from the priority list, or click into individual issues and remediate from there. Clicking on Go to Issue takes you to the place in your code where the issue occurs and shows you a description and remediation recommendations.

Watch the 42Crunch API Firewall in Action

Check out the demo below to see our API micro-firewall in action!
