Authentication
Security is one of our primary focuses. It is key, that our systems must stay secure and yet, these safety measures should not be overcomplicated, nor should they stagger the performance of any connected applications. Keeping these points in sight, we implemented an unique id-key pair, header based authentication.
Per environment settings
ESB provides access on an application basis for the REST API endpoints. The access is granted for each required ESB environment separately. The access is granted via a shared secret key and is only granted to those REST APIs which are needed for the application. Quotas are applied per application and environment
Authentication in the API header
After a client obtains the ID and Key pair, all they have to do, is to insert it in the Header of the API call. There could not be a simpler and more efficient solution. No need to faff with the client body credentials, or a separate authentication
Key generation and rotation
We issue these ID and Key pairs from within our Azure workspace. As it is locked behind an already access limited cloud platform, it is safe to say, this is approach is impenetrable.
To further enhance safety, as a standard, we rotate the keys every 2 years. Of course this can be modified at request.
The main advantage of this approach is that privileges can be easily assigned or modified within the Azure workspace. No unwanted eyes will be laid upon these tokens.
Want to know more?
Check out our different environments, or the key features of our APIs!