oGaTe includes the following security features:
- Identity mediation
Through its support for a wide range of security standards, oGaTe enables identity mediation between different identity schemes. For example, oGaTe can authenticate external clients by user name and password, but then issue SAML tokens that are used for identity propagation to application servers.
- API management
oGaTe enables you to secure Web APIs against attack and abuse. It also enables you to govern and meter access to and usage of Web APIs. oGaTe provides support for API management security standards such as OAuth. This enables you to share private resources with third-party websites without needing to provide credentials.
- Application-level networking
oGaTe routes data based on sender identity, content, and type. This enables messages to be sent to the appropriate application in a secure manner. It also enables service virtualization, where services are exposed to clients with virtual addresses to mask their actual addresses for security and application delivery. In this way, oGaTe acts as an important control point for network traffic by shielding endpoint services from direct access.
- Audit trail
oGaTe satisfies audit requirements by enabling service transactions to be archived in a tamper-proof store for subsequent audit. It also facilitates privacy compliance by allowing sensitive information, such as customer names, to be encrypted or stripped out of message traffic.
- Detailed Monitoring and Analytics
oGaTe records detailed analytics about how your APIs are being used. You can view hourly data that can be easily segmented, track upstream latency, and chart it for each API you are managing.
- API Developer Portal
Publish your managed APIs to your customizable, mobile-enabled API portal and let developers manage their own keys and sign up and enroll in your APIs, with a flexible workflow and developer analytics.
- API Documentation
Publish your API documentation to your portal using Swagger or API Blueprint, and let users interact with your API using Swagger UI's sandbox right from your portal.
- Quotas and Rate Limiting
Set rate limiting, request throttling, and auto-renewing request quotas, on a per-API basis or globally, to manage how your users access your API via the open source oGaTe.
- Authentication
oGaTe supports access tokens, HMAC request signing, JSON Web Tokens, mutual TLS, OpenID Connect, basic auth, LDAP, social OAuth, and legacy Basic Authentication providers.