Far too many APIs are unnecessarily exposed to malicious and curious third parties due to the lack of even basic security controls. The DreamFactory API generation and management platform was built from the ground up with security in mind, and doesn't even support the concept of a public API. Instead, all APIs are automatically secured by, at minimum, an API key, and developers can optionally require user authentication through solutions such as Okta, Auth0, AWS Cognito, Active Directory, and LDAP.
Role-based Access Control Integration
Each API key is associated with a role-based access control (RBAC) role. Role-based access controls allow you to define with a great degree of specificity what a client using a particular API key is capable of doing with the API. For instance, you can restrict the role for a database-backed API to querying only specific tables or stored procedures, to only inserting records, to only updating records, or to operating in an entirely read-only manner.
Mount Existing APIs to DreamFactory
Previously created APIs can immediately begin taking advantage of DreamFactory's API key manager. Just mount your API as a remote HTTP service, and then create a role-based access control role and an associated API key for the newly added API. Once done, you'll be able to query your API through a DreamFactory-managed proxy, which requires the API key to be supplied with each request.