VNIS API protection is an API access control method on the Origin Shield done through token authentication. There are 2 applications of VNIS Token Authentication: API requests authentication, and validating mobile apps.
You can find this security feature by navigating to ‘ Origin Shield’ > 'API protection'.
You need to set the target domain from the ‘ Operation level panel’.
First, click the ‘Add rule’ button, then follow the 3 simple steps to implement API protection.
Step 1: Define API protection rule
To define the API protection rule, first, enter a rule name. Then you can specify the operator and the corresponding value that you want to apply the API protection.
The ‘ Value’ is the resource or path that you
wish to apply the API protection. The
‘Operator’ defines how the ‘actual user
request field and its values’ relate to the ‘URI in request
w/o query string with the set values’. Such that, when the two
match, it will execute the API protection.
The types of operators that you can select are: regex, streq, contains, within, prefix, suffix, and include. check this article to learn more about the definition of each operator.
Step 2: Define time-limited API authentication token
To define a time-limited API token, you need to create a key, set the token lifespan, and a custom parameter.
- Create a key - key is a secret code shared between VNIS and the web app which will be encrypted as a token. It can be any letters, numbers, or special characters between 16 to 64 characters.
- Set token lifespan - token lifespan is the length of time the end-user can access the API service using the key.
- Set custom parameter - parameter is the name assigned to represent the key.
You also have an option to activate and configure the rate limit feature. You can activate this feature by switching the toggle on.
Rate limit sets the maximum number of queries allowed per minute and the block time. Block time is the amount of time that queries will be blocked, if the queries exceed the maximum number of queries per minute.
The key and token settings defined in this step will be used by the authentication server to create the API token.
The key and token settings defined in this step will be used by the authentication server to create the API token.
Step 3: Implement script to generate API token
The final step is to implement the script to your server for API token generation.
First, review all the rules and token settings that you made.
After reviewing, copy the generated script to your
authentication server.
VNIS offers 4 types of program languages that you can choose when implementing this. You can choose between Python, PHP, Go, and node.js.
The script will be used by the authentication server to generate API tokens to be given to authorized users.
The API token is composed of the URL link to the requested protected resource, appended by a query string variable containing the parameter name of the key, the Unix epoch timestamp, and the hash (encrypted key).
You can test whether the URLs are being generated correctly on the server by enabling the firewall rules and then by monitoring the API protection analytics at ‘Analytics’ > ‘Origin Shield’ > ‘Firewall rules / CRS rules’.
To understand how mlytics API protection works, follow this link.