
API Access Management

Providing appropriate access control for anybody who wishes to access APIs is the key to managing APIs safely and securely. These access control measures can take myriad forms. Fiorano API manager lets you configure a multitude of access management options, which are listed in the sections below.

These access management options can be applied broadly, covering the whole API setup, or narrowly, down to an individual resource in a given API.
Fiorano API manager uses policies to manage access to the APIs.

OAuth Verify Access Token Policy

OAuth enables authorization of clients by generating an Access Token and verifying that Access Token instead of relying on a specific password. The OAuth 2.0 specification defines four grant types for obtaining the access token: authorization code, implicit, resource owner password credentials, and client credentials.

Refer to the OAuth Policies section for details.

Verify API Key Policy

The Verify API Key policy is used to allow access to API resources only for those clients with a valid product subscription. All API projects in which this policy is used are wrapped into one or more products and added to a client subscription. Each product under a specific subscription has a unique pair of Generating API Key. The API manager allows requests only from those client applications which hold a valid API Key to access API resources.

JSON Web Token Policy

JSON Web Token (JWT) is an open standard that defines a compact and self-contained way of securely transmitting information between parties as a JSON object. The information can be trusted because it is digitally signed using an HMAC algorithm or encrypted using an RSA algorithm.

IP Filter Policy

IP-based filtering allows or blocks API calls based on a set of IP addresses. Refer to the IP Filter policy for details.

Quota Policy

Quota policy is used to configure the number of requests that an application is allowed to submit to an API per hour/day/week/month.

Spike Arrest Policy

Spike Arrest policy protects against traffic spikes by throttling the number of requests processed by an API proxy. The requests are not sent to the backend, thereby protecting against performance lags and downtime.

