How does Mlytics API protection work?

When you implement API protection via Mlytics, you'll be asked to do the following:

  1. Define the API protection rules - if a user request matches the defined rules, API protection is initiated.
  2. Define a time-limited API token - this sets the key and token settings that determine how the authentication server creates the API token.
    1. Create a key
    2. Set token lifespan
    3. Set custom parameter
    4. Activate and configure rate limit feature (optional)
  3. Generate script for API protection - this script will be used by the authentication server to generate API tokens (in the form of a custom parameter) to be given to verified users.
  4. Copy and paste the system-generated script to your authentication server

Once this is done and activated, the end-user's journey follows the steps below:

  1. The end-user logs in to the web application and sends a request to the authentication server.
  2. If the authentication server verifies the end-user's account, it provides the time-limited API token to the user.
  3. The end-user requests a restricted web service or content from the edge server using a URL with the custom parameter (which contains the API token).
  4. Once Mlytics verifies the token, the end-user is able to access the restricted web service or content from the edge server.
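
The flow above, sketched as an added example: this is not the Mlytics system-generated script or its token format. The token layout (expiry plus HMAC-SHA256 over path and expiry), the parameter name `api_token`, the key and the 300-second lifespan are all assumptions chosen for illustration.

```python
# Added illustration: NOT the Mlytics-generated script or its real token format.
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

KEY = b"constructed-demo-key"  # the key created in setup (constructed value)
LIFESPAN = 300                 # token lifespan in seconds (assumed)
PARAM = "api_token"            # custom parameter name (hypothetical)


def _sign(path: str, expires: int) -> str:
    # The MAC covers path and expiry, so neither can be changed by the client.
    msg = f"{path}\n{expires}".encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()


def issue_url(base: str, path: str, now: Optional[float] = None) -> str:
    """Authentication server: give a verified user a URL carrying the token."""
    issued = int(time.time() if now is None else now)
    expires = issued + LIFESPAN
    token = f"{expires}.{_sign(path, expires)}"
    return f"{base}{path}?{urlencode({PARAM: token})}"


def verify_url(url: str, now: Optional[float] = None) -> bool:
    """Edge side: accept only an unexpired token whose MAC matches this path."""
    parts = urlsplit(url)
    values = parse_qs(parts.query).get(PARAM, [])
    if len(values) != 1:  # missing or duplicated parameter
        return False
    expires_s, _, mac = values[0].partition(".")
    if not (expires_s.isascii() and expires_s.isdigit()):
        return False
    expires = int(expires_s)
    current = time.time() if now is None else now
    if current >= expires:  # lifespan exceeded
        return False
    # Constant-time comparison avoids leaking how many MAC characters matched.
    return hmac.compare_digest(mac.encode(), _sign(parts.path, expires).encode())


if __name__ == "__main__":
    url = issue_url("https://edge.example", "/v1/report")
    print(url, verify_url(url))
```

Because the expiry is inside the signed message, a client that edits the timestamp to extend the lifespan invalidates the MAC, and a token issued for one path is rejected on another.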