How does Mlytics API protection work?
Mlytics API protection is an access control method enforced on the Origin Shield (the Origin Shield is an intermediate node that sits between the CDN/edge and the origin) through token authentication. Using Mlytics' token authentication, customers can implement access control via URL tokens without having to build complex back-end systems. There are two applications of Mlytics Token Authentication:
- API Requests Authentication
- Validating Mobile Apps
For both applications, Mlytics checks the token at the Origin Shield before any request is relayed to the origin; if the token is not valid, the request is blocked. Because all token validation happens on the Origin Shield, the origin server does not need complex authentication logic of its own. In addition, a malicious user who attempts to forge tokens is blocked before ever reaching the origin.
When implementing API protection via Mlytics, you will be asked to do the following:
- Define API protection rules - if a user request matches the rules you define, API protection is applied to that request.
- Define time-limited API token settings - the key and token settings that govern how the authentication server creates the API token:
- Create a key
- Set token lifespan
- Set custom parameter
- Activate and configure rate limit feature (optional)
- Implement the script for generating API tokens - copy the system-generated script to your authentication server. The authentication server uses this script to generate the API tokens that are handed to verified users.
Once these steps are done and the feature is activated, an end-user's request for a protected API follows the journey below:
- The end-user logs in to the web application, which sends a request to the authentication server. This authentication server must have the Mlytics-generated script installed beforehand.
- If the authentication server verifies the end-user's account, it issues a time-limited API token to the end-user in the form of a URL carrying the custom parameter. The issued API token is configured to expire after the set lifespan.
- The end-user requests the restricted/protected web service (API) from the Origin Shield using the API token.
- The Origin Shield validates the API token and allows or denies access based on the result. Because the end-user holds a valid API token, the request is allowed through the Origin Shield to the restricted web service.
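The following is an added illustration of the flow above, written for this page; it is not the Mlytics-generated script, and the page does not state the real token format, parameter name or signing scheme. It assumes an HMAC-SHA256 token of the form `<expiry>-<hex MAC>` carried in a hypothetical custom parameter `mtoken`, a constructed key, a 300-second lifespan, and a protection rule that covers paths under `/api/`. `make_token`/`protected_url` play the authentication server's role and `shield_check` plays the Origin Shield's role, including the expired, forged and missing-token cases that are rejected before anything reaches the origin.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical settings standing in for the page's "key", "token lifespan",
# "custom parameter" and "API protection rule" fields. All values are
# constructed for this example and are not Mlytics defaults.
KEY = b"constructed-example-key-replace-me"
TOKEN_LIFESPAN = 300            # seconds a token stays valid
TOKEN_PARAM = "mtoken"          # assumed custom query-parameter name
PROTECTED_PREFIX = "/api/"      # assumed rule: only paths under /api/ need a token


def make_token(path, now, lifespan=TOKEN_LIFESPAN, key=KEY):
    """Authentication-server side (the role the Mlytics-generated script plays).

    Assumed token layout: "<expiry>-<hex HMAC-SHA256(key, expiry + "\\n" + path)>".
    Binding the MAC to the path stops a token minted for one endpoint from
    being replayed against another.
    """
    expiry = now + lifespan
    mac = hmac.new(key, f"{expiry}\n{path}".encode(), hashlib.sha256).hexdigest()
    return f"{expiry}-{mac}"


def protected_url(base, path, now):
    """Build the URL handed to a verified user: the path plus the custom parameter."""
    return f"{base}{path}?{urlencode({TOKEN_PARAM: make_token(path, now)})}"


def shield_check(url, now, key=KEY):
    """Origin Shield side: decide before anything is relayed to the origin.

    Returns (allowed, reason). Only requests matching the protection rule are
    token-checked; everything else is relayed unchanged.
    """
    parsed = urlparse(url)
    if not parsed.path.startswith(PROTECTED_PREFIX):
        return True, "no rule matched"
    token = parse_qs(parsed.query).get(TOKEN_PARAM, [None])[0]
    if token is None:
        return False, "missing token"
    expiry_str, _, mac = token.partition("-")
    if not expiry_str.isdigit() or len(mac) != 64:
        return False, "malformed token"
    expiry = int(expiry_str)
    if now >= expiry:
        return False, "expired token"
    expected = hmac.new(key, f"{expiry}\n{parsed.path}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the MAC check does not leak timing information.
    if not hmac.compare_digest(expected, mac):
        return False, "forged token"
    return True, "valid token"


def walkthrough(now=None):
    """Run the journey from the page plus the failure cases a practitioner checks."""
    now = int(time.time()) if now is None else now
    base = "https://shield.example"           # constructed host
    good = protected_url(base, "/api/orders", now)
    # A forged request: reuse the /api/orders token against a different endpoint.
    forged = good.replace("/api/orders", "/api/admin")
    return {
        "valid": shield_check(good, now + 10),
        "expired": shield_check(good, now + TOKEN_LIFESPAN),
        "forged": shield_check(forged, now + 10),
        "missing": shield_check(f"{base}/api/orders", now + 10),
        "unprotected": shield_check(f"{base}/public/index.html", now + 10),
    }


if __name__ == "__main__":
    for case, (allowed, reason) in walkthrough().items():
        print(f"{case:12s} allowed={allowed!s:5s} reason={reason}")
```

Two points worth keeping in mind when applying this pattern with the real feature: the origin never sees the key, so only the authentication server and the Origin Shield can mint or verify tokens; and because the token travels in the URL, it can land in browser history, referrer headers and proxy logs, which is why a short token lifespan matters.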
Mlytics token authentication can be used at the Origin Shield to validate whether an API request comes from a valid user, client, or mobile device. Non-authenticated or forged requests are filtered out and never passed to the origin API server.
Combined with Mlytics' Rate Limiting and WAF, the API of a web or mobile application can be validated at the Origin Shield, protecting it from overuse and abuse.