Protections

Protections let you to enrich your OpenAPI definitions with security information and apply API security as code. A protection defines a workflow of actions that API Firewall executes as well as the parameters that these actions require.

The scope of protections

You apply protections to your API as strategies by using the x-42c security extensions, either locally to specific paths, operations, responses, or HTTP status codes, or alternatively to all incoming requests or outgoing responses. For more details, see Protections and security extensions.

Extensions can have different scope depending on which level in your OpenAPI definition you add them:

  • Global level: The extension applies to the whole API: all paths, operations, and responses.
  • Path level: The extension applies to a specific path, including all operations and responses defined in it.
  • Operation level: The extension is applied to a specific operation and its responses.
  • Response level: The extension is applied to all responses defined for an operation.
  • Status level: The extension is applied to a specific HTTP status code or the default response.
# ...
paths:
    /apis:
        x-42c-local-strategy:
            x-42c-strategy:
                protections:
                    - x-42c-request-limiter_0.1:                # path level
                        # ...
        get:
            x-42c-local-strategy:
                x-42c-strategy:
                    protections:
                        - x-42c-request-limiter_0.1:            # operation level
                            # ...
            parameters:
                # ...
            responses: 
                x-42c-local-strategy:
                    x-42c-strategy:
                        protections:
                            - x-42c-security-headers_0.1:       # response level
                                # ...
                200: 
                    x-42c-local-strategy:
                        x-42c-strategy:
                            protections:
                                - x-42c-security-headers_0.1:   # status level
                                    # ...

Available protections

For more details on the different protections available, their x-42c extensions, applicable parameters, and examples, click on the following links:

What is...

API Protection

API Firewall

API Firewall deployment architecture

Kubernetes Injector for API Firewall

Protections and security extensions

API Security Audit

API Conformance Scan

Customizations

How to...

Protect APIs

Deploy API Firewall with Kubernetes Injector

Manage API Firewall configuration

Apply additional protections

Deactivate automatic contract enforcement in API Firewall

Customize platform features

Learn more...

How API Firewall validates API traffic

API Firewall variables

x-42c extensions

Automatic contract enforcement

API Firewall log line format for standard output