The Platform

APIDefender is the first purpose-built frontline security platform designed to identify and defend against API and application attacks at cloud scale.

The digital transformation is well underway. APIs have increasingly become a vital element of enterprise architectures to deliver applications and data through digital channels such as mobile endpoints, the cloud, and the Internet of Things (IoT). Unfortunately, APIs also expose a much larger attack surface and are hence more vulnerable to targeted threats. General-purpose firewalls and intrusion prevention systems are designed to thwart packet attacks, not the specific parametric attacks that happen at the API level.

Introducing the APIDefender Platform – the first purpose-built real-time API threat protection solution.


  • Go beyond API key and app ID provisioning. APIDefender gives you across-the-board protection for your external, partner and internal APIs with 360° frontline security in real time. OWASP-10 threat protection is just a start.

  • Granular application layer inspection and enforcement. API, domain and enterprise-level controls. Extensible architecture for security ruleset expansion and integration of external threat intelligence repositories.

  • On-premise, public cloud, VPC-deployable. Architected for multi-tenancy. Cloud scale with cluster support. Integrate with external log analysis tools.

  • Real-time Threat Protection

    • Real-time inline protection (vs. point-in-time static snapshot)
    • Out-of-the-box OWASP-10 support
    • Future-proof architecture – going beyond RESTful HTTPS/XML/JSON. Extensible to IoT protocols such as CoAP, XMPP, MQTT
    • Application-aware (and APIs called within); extensible to schema checks on inbound payload; message validation, including XML and JSON schema validation

  • Inspect and Defend APIs Against Malicious Attacks

    • Deep content payload inspection and threat prevention for XML, SOAP, REST, JSON HTTP traffic
    • Validate HTTP parameters, REST query/POST parameters, JSON data structures, XML and SQL schemas, to guard against poisoning and injection attacks
    • Circuit breakers and rate limits
    • Geolocation blocking/blacklisted origins

  • Gain Control and Visibility at the API Layer

    • Deploy APIDefender as a frontline gateway with API Managers such as Apigee
    • Add and extend configurable security policies on the fly
    • Horizontal scale-out with clustered deployments
    • Cluster orchestration and management for VM and Docker images
    • Tenant metrics – ability to track call metrics per tenant to enforce thresholds

How it works

The APIDefender platform is the brain that reacts in real time to keep pace with existing and emerging threats against your APIs. The diagram below illustrates how APIDefender works:

[Diagram: how it works]

The diagram below depicts the APIDefender platform architecture. APIDefender can be clustered and deployed in a public or private cloud.

APIDefender - Working with HTTPS traffic

[Diagram: HTTP traffic]

Deployment Scenarios

Deploying APIDefender On-Premise

[Diagram: on-premise deployment]

Deploying APIDefender in public cloud

[Diagram: public cloud deployment]

Deploying APIDefender in a VPC