{"id":208,"date":"2022-04-08T14:14:17","date_gmt":"2022-04-08T13:14:17","guid":{"rendered":"https:\/\/42crdev.prexihost.com\/?page_id=208"},"modified":"2023-02-10T15:36:27","modified_gmt":"2023-02-10T15:36:27","slug":"api-access-control","status":"publish","type":"page","link":"https:\/\/staging2022.42crunch.com\/api-access-control\/","title":{"rendered":"API Access Control"},"content":{"rendered":"\n\n\t\t<h1>\n\t\t\tAPI Access Control\n\t\t\t\t\t\t\t\t\t\t\tAuthentication, Authorization and Identity Propagation\n\t\t<\/h1>\n\t\t\t<p>API Access Control restricts access to APIs based on user or client roles and prevents unauthorized access to sensitive data. 42Crunch allows developers to define what actions each user role can perform within an API.<\/p>\t\t\n\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/Icons-42Crunch_Security-Audit.png\" alt=\"Icons 42Crunch_Security Audit\" \/>\n\t\t<h4><a href=\"https:\/\/staging2022.42crunch.com\/api-security-testing\/\" target=\"_self\" rel=\"noopener\">API Security Testing<\/a><\/h4>\n\t\t\t<p>Identification of API Security flaws and vulnerabilities.\u00a0<\/p>\t\t\n\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/Icons-42Crunch_42-Wall.png\" alt=\"Icons 42Crunch_42 Wall\" \/>\n\t\t<h4><a href=\"https:\/\/staging2022.42crunch.com\/api-protection\/\" target=\"_self\" rel=\"noopener\">API Protection<\/a><\/h4>\n\t\t\t<p>Content validation, threat detection\u00a0and traffic throttling.<\/p>\t\t\n\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/07\/Icons-42Crunch_DeveloperPerson-copy-2-White.png\" alt=\"Icons-42Crunch_DeveloperPerson-copy-2 White\" \/>\n\t\t<h4>API Access Control<\/h4>\n\t\t\t<p>Authentication, authorization and identity propagation.<\/p>\t\t\n<h2>\n\t\tControl who or what can access your API\n\t<\/h2>\n\t<p>42Crunch prevents the incorrect implementation of authentication controls. Compromised authentication tokens are a common attack path for hackers to exploit implementation flaws in order to assume user&#8217;s identities temporarily or permanently. Compromising a system&#8217;s ability to identify the client\/user, compromises API security overall.<\/p>\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/AdobeStock_472605390-Web-1024x576.jpg\" alt=\"Vector unknown person icon collage is created from random recursive unknown person items. Hidden Expenses rubber blue round stamp seal. Recursive combination for unknown person icon.\" itemprop=\"image\" height=\"576\" width=\"1024\" title=\"Distress Hidden Expenses Badge and Unknown Person Fractal Collage of Self Icons\" onerror=\"this.style.display='none'\"  \/>\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/OAUTH-JWT-logos-1024x576.png\" alt=\"OAUTH JWT logos\" itemprop=\"image\" height=\"576\" width=\"1024\" title=\"OAUTH JWT logos\" onerror=\"this.style.display='none'\"  \/>\n<h2>\n\t\tAvoiding API Authentication<br \/>and Authorization Vulnerabilities\n\t<\/h2>\n\t<p>Authentication enforcement starts at design time by preventing the deployment of APIs with weak authentication schemes. OAuth2 authorization server endpoints are also protected to only allow specific grant types, enforce scopes values and access token validity time. At runtime we validate the JSON Web Token (JWT) according to the RFC 8725.<\/p>\n<h2>\n\t\tAutomatically Enforce API Access Control at Design &#038; Runtime\n\t<\/h2>\n\t<p>At runtime, 42Crunch ensures that only verbs and paths defined in the OpenAPI contract are called. At design-time our audit discovery mechanisms in the <a href=\"https:\/\/staging2022.42crunch.com\/cicd-api-integrations\/\">CI\/CD<\/a> uncover shadow APIs and automatically audit and report them.<\/p>\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/04\/Icons-42Crunch-API2-1024x576.png\" alt=\"Icons 42Crunch API2\" itemprop=\"image\" height=\"576\" width=\"1024\" title=\"Icons 42Crunch API2\" onerror=\"this.style.display='none'\"  \/>\n\t<h4>BLOG<\/h4>\n<h2>\n\t\t<a href=\"https:\/\/staging2022.42crunch.com\/7-ways-to-avoid-jwt-pitfalls\/\" title=\"How to Avoid the Security &lt;br&gt; Pitfalls of JWT\" target=\"_self\" rel=\"noopener\">\n\t\tHow to Avoid the Security <br \/> Pitfalls of JWT\n\t\t<\/a>\n\t<\/h2>\n\t\t\t\t<img decoding=\"async\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/bb-plugin\/cache\/Speaker-Philippe-Deryck-circle.jpeg\" alt=\"Speaker Philippe Deryck\" title=\"Speaker Philippe Deryck\" itemprop=\"image\"  \/>\n\t<p>Philippe De Ryck<\/p>\n\t<p>Standards such as OAuth 2.0 and OpenID Connect rely heavily on JSON Web Tokens (JWTs) for sensitive features, such as authentication and authorization. Industry expert, Philippe De Ryck explains how to avoid security pitfalls.<\/p>\n<h2>\n\t\tReady to Learn More?\n\t<\/h2>\n\t<p>Developer-first solution for delivering API security as code.<\/p>\n\t\t\t<a href=\"https:\/\/staging2022.42crunch.com\/get-started\/\" target=\"_self\" role=\"button\" rel=\"noopener\">\n\t\t\t\t\t\t\tGet Started\n\t\t\t\t\t<\/a>\n\n","protected":false},"excerpt":{"rendered":"<p>API Access Control Authentication, Authorization and Identity Propagation API Access Control restricts access to APIs based on user or client roles and prevents unauthorized access to sensitive data. 42Crunch allows developers to define what actions each user role can perform within an API. API Security Testing Identification of API Security flaws and vulnerabilities.\u00a0 API Protection [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"Authentication, Authorization and Identity Propagation","_seopress_titles_desc":"42Crunch allows developers to define what actions each user role can perform within an API prevents unauthorized access to sensitive data","_seopress_robots_index":"","site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"disabled","ast-hfb-above-header-display":"disabled","ast-hfb-below-header-display":"disabled","ast-hfb-mobile-header-display":"disabled","site-post-title":"disabled","ast-breadcrumbs-content":"disabled","ast-featured-img":"disabled","footer-sml-layout":"disabled","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"footnotes":""},"_links":{"self":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/pages\/208"}],"collection":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/comments?post=208"}],"version-history":[{"count":0,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/pages\/208\/revisions"}],"wp:attachment":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media?parent=208"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}