February 2014

FAQ: Triggering the “Invalid HTTP Message” IDP Rule in Forum Sentry

Date posted: February 7, 2014

A request or response message might trigger the “Invalid HTTP Message” IDP rule in Sentry, resulting in the “No Matching Request Filter” error. This is a very common support issue that is easily identified and resolved.

To resolve the problem, ensure that the client is specifying the correct Content-Type HTTP header and/or using the appropriate HTTP method. Alternatively, you can adjust the HTTP Request Filters defined for the policy.

Protecting your API Listener through SSL

Date posted: February 5, 2014

In this tutorial, you will learn how to rapidly protect your corporate APIs by providing a centralized SSL policy for your service. We will use three components for this tutorial: (i) TempConvert – a publicly available service that will stand in for the corporate service that you plan to protect through SSL, (ii) Forum Sentry, to enable centralized API security via an SSL policy, and (iii) SOAPSonar, used as a testing tool. Download and install Forum Sentry and SOAPSonar to follow this tutorial.

Sleep Better with Centralized API Security

Secure integration has become increasingly important over the past few years. As businesses rely more heavily on applications for conducting transactions and managing personal information, API security has become critically important. When it comes to application security, there are generally three options: centralized, decentralized and a hybrid of the two. Let’s learn a little about how each of the three models is set up:

Signer Groups and CRLs for API Security

Date posted: February 3, 2014

Signer Groups and CRLs are the cornerstone of PKI management necessary for API Security. In the asymmetric cryptography used for SSL, when an X.509 certificate is presented to a client or a server, a process of certificate chain validation establishes trust in the X.509 certificate and the public key that it represents. Certificate chain validation requires intermediate and root certificates that are embedded in the client (e.g., a browser) or a server (e.g., an Apache server). Additionally, if an X.509 certificate is compromised, it can be marked as revoked through Certificate Revocation Lists (CRLs) or the Online Certificate Status Protocol (OCSP), so that any entity presenting such a certificate cannot be trusted. Certificate validation through Signer Groups and revocation through CRLs or OCSP form the backbone of PKI management necessary for SSL, XML, SOAP and Big Data security.

In the tutorial, we will show how to rapidly enable and manage Signer Groups and CRLs to establish API security using the Forum Sentry API Gateway.

Advantages of API Gateway for managing SSL

Through SSL (SSLv3, TLS v1.1/1.2), API Gateways such as Forum Sentry rapidly secure your APIs that shuttle XML, JSON, HTML, SOAP and Big Data. API Gateways typically sit in front of your IT components such as web servers, application servers, ESBs and message queues.

Although most infrastructure components have SSL facilities that can be configured, enabling such facilities poses the following issues for enterprises: