Security in API and API managers

Amengual Bauza, Miguel

Please use this identifier to cite or link to this item: http://hdl.handle.net/10609/95286

Title:	Security in API and API managers
Author:	Amengual Bauza, Miguel
Director:	Garcia-Font, Victor
Tutor:	Mendoza Flores, Manuel Jesús
Abstract:	The purpose of this thesis is to study what are the factors that make an API safe. As well as knowing the processes, standards and tools that facilitate this work. First of all, we study the most common attacks and how to mitigate them. For example, to mitigate the impact of a DoS attack, we can use an API Gateway to return information from the cache and a WAF to block calls that do not have the desired structure. Secondly, we will introduce standards for the definition of the APIs. These are OAS and API Blueprint. They emphasize the importance of thinking about security from the design. Then, we will see OAuth2 as the most used standard to solve the authorization issues between applications that want to share data. In addition, we talk about a new way to build applications using microservices, which communicate with each other through their APIs. Finally, the API Management System concept is introduced as a process that include the tasks of publishing, promoting and monitoring APIs in a secure environment. The methodology used has been to focus these first chapters of the thesis on the theoretical study of the concepts. And then apply them to the practical case. This has been satisfactorily resolved by offering a solution based on the microservices architecture, with an API Gateway and using OAuth2. We can conclude that this work has been really useful to offer a global vision of API security and the initial objectives have been achieved.
Keywords:	API standard API security microservices
Document type:	info:eu-repo/semantics/masterThesis
Issue Date:	4-Jun-2019
Publication license:	http://creativecommons.org/licenses/by/3.0/es/
Appears in Collections:	Trabajos finales de carrera, trabajos de investigación, etc.