How does Mlytics API protection work?
When you implement API protection via Mlytics, you'll be asked to do the following:
- Define the API protection rules - if a user request matches the defined rules, API protection will be initiated.
- Define a time-limited API token - this defines the key and token settings that determine how the authentication server creates the API token.
  - Create a key
  - Set the token lifespan
  - Set the custom parameter
- Activate and configure the rate limit feature (optional)
- Generate the script for API protection - this script will be used by the authentication server to generate API tokens (in the form of a custom parameter) to be given to verified users.
- Copy and paste the system-generated script to your authentication server
Once this is done and activated, the end user's journey will follow the illustration below:
- The end user logs in to the web application and sends a request to the authentication server.
- If the authentication server verifies the end user's account, it provides the time-limited API token to the user.
- The end user requests a restricted web service or content from the edge server using a URL with the custom parameter (which contains the API token).
- Once Mlytics has verified the token, the end user will be able to access the restricted web service or content from the edge server.
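
The flow above, sketched as an added example; this is not the Mlytics system-generated script. The token format (expiry plus an HMAC-SHA256 over the path and expiry), the key value, and the parameter name `api_token` are assumptions chosen for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed settings (constructed values, not Mlytics defaults).
KEY = b"constructed-demo-key"  # the key created for the token
LIFESPAN = 300                 # token lifespan in seconds
PARAM = "api_token"            # hypothetical custom parameter name


def _sign(path, expires, key):
    # Bind the signature to both the path and the expiry so that
    # neither can be changed without invalidating the token.
    msg = f"{path}\n{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_url(path, now=None, key=KEY, lifespan=LIFESPAN):
    """Authentication server: call only after the account is verified."""
    now = int(time.time()) if now is None else now
    expires = now + lifespan
    token = f"{expires}.{_sign(path, expires, key)}"
    return f"{path}?{urlencode({PARAM: token})}"


def verify_url(url, now=None, key=KEY):
    """Edge side: accept only an unexpired token issued for this path."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    values = parse_qs(parts.query).get(PARAM, [])
    if len(values) != 1:  # missing or duplicated parameter
        return False
    expires_s, _, sig = values[0].partition(".")
    if not (expires_s.isascii() and expires_s.isdigit()):
        return False
    expires = int(expires_s)
    if now > expires:  # lifespan exceeded
        return False
    expected = _sign(parts.path, expires, key)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(sig.encode(), expected.encode())
```

Because the expiry is covered by the signature, a client cannot extend the lifespan by editing the parameter, and a token issued for one path is rejected on another.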