Use case: Secure Machine-to-Machine API Communication with Cripsa M2M API Security

Goal: The API Provider aims to secure their APIs using Cripsa's M2M API Security solution, ensuring that authorized API Consumers can securely access their APIs while preventing unauthorized access, data breaches, and malicious attacks.

Actors:

  • API Provider (Cripsa Customer)
  • API Consumer (Client/Development Team)

Main Flow:

  • The API Provider registers as a developer on the Cripsa platform (https://cripsa.com).
  • The API Provider creates a project or selects an existing project in the API Security section of the Cripsa platform.
  • The API Provider registers the resource server, representing the name of the API they intend to secure, using the information obtained in the previous step.
  • The API Provider shares project details with clients (API Consumers) who require access to the secured API.
  • The API Consumer (Client) accesses the "get-access-token" API on Cripsa using the shared project details to obtain an access token.
  • The API Consumer verifies the obtained access token through the "verify-token" API to ensure its validity.
  • Once the token is verified, the API Consumer sends API access requests to the resource server along with the access token they received.
  • On the API Provider's side, a function is developed to call the "Verify Access Token" API provided by Cripsa. This API is invoked whenever a client attempts to access the API.
  • The API Provider's function validates the access token by interacting with the "Verify Access Token" API, ensuring the API Consumer's authenticity and authorization.
  • Upon successful validation, the API Provider's function grants access to the requested API resources, allowing the API Consumer to securely access the API.
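
The provider-side check from the last three steps, as an added example that is not Cripsa's or the page's own code. The verifier callable stands in for a call to the "Verify Access Token" API; its signature and the {"valid": ...} result shape are assumptions, and the point shown is that every outcome other than a positive answer denies access.

```python
# Added example: provider-side gate that runs before any API handler.
# The verifier's signature and result shape are assumptions, not Cripsa's
# documented API; replace fake_verify with the real call in your service.
from collections.abc import Mapping
from typing import Callable, Optional, Tuple

# Hypothetical contract: takes the raw token, returns a mapping containing
# "valid"; may raise on network or service failure.
Verifier = Callable[[str], object]


def extract_bearer(headers: Mapping) -> Optional[str]:
    """Return the token from 'Authorization: Bearer <token>', else None."""
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    parts = value.split()
    if len(parts) == 2 and parts[0].lower() == "bearer":
        return parts[1]
    return None


def authorize(headers: Mapping, verify: Verifier) -> Tuple[int, str]:
    """Return (HTTP status, reason). Only an explicit valid=True grants access."""
    token = extract_bearer(headers)
    if token is None:
        return 401, "missing or malformed Authorization header"
    try:
        result = verify(token)
    except Exception:
        # Fail closed: an unreachable verification service must not grant access.
        return 503, "token verification unavailable"
    # Strict check: a non-mapping reply, "true" or 1 do not count as valid.
    if not isinstance(result, Mapping) or result.get("valid") is not True:
        return 401, "token invalid or expired"
    return 200, "ok"


# Constructed stand-in for the remote verification call (sample data only).
def fake_verify(token: str) -> Mapping:
    if token == "down":
        raise TimeoutError("verification service timed out")
    return {"valid": token == "good-token"}
```
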

Preconditions:

  • The API Provider and API Consumer are registered with Cripsa's M2M API Security system.
  • The API Provider has created a project on the Cripsa platform and registered the resource server.
  • The API Consumer has received project details from the API Provider.
  • The API Consumer has successfully obtained an access token through the "get-access-token" API.

Postconditions:

  • The API Consumer securely accesses the API resources, ensuring data integrity, authentication, and authorization.

Exceptions:

  • The API Consumer's access token is invalid or expired, leading to access denial.
  • The API Consumer's request to the "verify-token" API results in verification failure.
  • Unauthorized access attempts trigger alerts and are blocked by the API Provider's security mechanisms.

Trigger:

  • The API Consumer initiates the process by accessing the "get-access-token" API to obtain an access token, which is then used to request API access.

In this use case, Cripsa's M2M API Security solution facilitates secure communication between API Providers and Consumers, ensuring that only authorized entities can access and interact with the APIs while safeguarding against unauthorized access and potential security threats.