Protections let you enrich your OpenAPI definitions with security information and apply API security as code. A protection defines a workflow of actions that API Firewall executes, as well as the parameters that these actions require.
The scope of protections
You apply protections to your API as strategies by using the x-42c security extensions, either locally to specific paths, operations, responses, or HTTP status codes, or alternatively to all incoming requests or outgoing responses. For more details, see Protections and security extensions.
Extensions can have different scope depending on which level in your OpenAPI definition you add them:
- Global level: The extension applies to the whole API: all paths, operations, and responses.
- Path level: The extension applies to a specific path, including all operations and responses defined in it.
- Operation level: The extension is applied to a specific operation and its responses.
- Response level: The extension is applied to all responses defined for an operation.
- Status level: The extension is applied to a specific HTTP status code or the
```yaml
# ...
paths:
  /apis:
    x-42c-local-strategy:
      x-42c-strategy:
        protections:
          - x-42c-request-limiter_0.1: # path level
              # ...
    get:
      x-42c-local-strategy:
        x-42c-strategy:
          protections:
            - x-42c-request-limiter_0.1: # operation level
                # ...
      parameters:
        # ...
      responses:
        x-42c-local-strategy:
          x-42c-strategy:
            protections:
              - x-42c-security-headers_0.1: # response level
                  # ...
        200:
          x-42c-local-strategy:
            x-42c-strategy:
              protections:
                - x-42c-security-headers_0.1: # status level
                    # ...
```
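The scope levels above can be checked mechanically before deployment. The following is an added example, not 42Crunch code: it walks an OpenAPI document already loaded as a Python dict, reports the scope at which each local strategy is attached, and lists operations that have no request limiter at path or operation level. The helper names, the `/health` path, and the empty parameter objects are constructed for illustration, and global-level extensions are not covered.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def local_protections(node):
    """Protection names in node's x-42c-local-strategy (empty list if none)."""
    if not isinstance(node, dict):
        return []
    strategy = (node.get("x-42c-local-strategy") or {}).get("x-42c-strategy") or {}
    return [name for item in strategy.get("protections") or [] for name in item]

def protection_scopes(spec):
    """Sorted (scope, location, protection) tuples for every local strategy."""
    found = []
    for path, item in spec.get("paths", {}).items():
        found += [("path", path, p) for p in local_protections(item)]
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            where = f"{method.upper()} {path}"
            responses = op.get("responses") or {}
            found += [("operation", where, p) for p in local_protections(op)]
            found += [("response", where, p) for p in local_protections(responses)]
            for status, resp in responses.items():
                if str(status).startswith("x-"):   # skip the extension key itself
                    continue
                found += [("status", f"{where} {status}", p)
                          for p in local_protections(resp)]
    return sorted(found)

def operations_without(spec, prefix):
    """Operations with no protection named `prefix...` at path or operation level."""
    missing = []
    for path, item in spec.get("paths", {}).items():
        inherited = local_protections(item)   # path level covers its operations
        for method, op in item.items():
            applied = inherited + local_protections(op)
            if method in HTTP_METHODS and not any(p.startswith(prefix) for p in applied):
                missing.append(f"{method.upper()} {path}")
    return sorted(missing)

def strategy(name):
    # Constructed helper: one local strategy with placeholder (empty) parameters.
    return {"x-42c-local-strategy": {"x-42c-strategy": {"protections": [{name: {}}]}}}

# Constructed sample: the /apis layout from the example above, plus a bare /health path.
LIMITER, HEADERS = "x-42c-request-limiter_0.1", "x-42c-security-headers_0.1"
SAMPLE = {"paths": {
    "/apis": {**strategy(LIMITER), "get": {**strategy(LIMITER), "responses": {
        **strategy(HEADERS), "200": strategy(HEADERS)}}},
    "/health": {"get": {"responses": {"200": {"description": "OK"}}}},
}}
```

Calling `operations_without(SAMPLE, "x-42c-request-limiter")` returns the operations that neither inherit a limiter from their path nor declare one themselves.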
For more details on the different protections available, their x-42c extensions, applicable parameters, and examples, click on the following links: