¶ APIDynamics
¶ General funcionality diagram
This sequence diagram shows the basic functionality of Adaptive Authentication that can be implemented in your systems to protect your API Servers from intruders. It also stablish a source of truth for your well known clients, so, your APIs can be sure they are accepting a client that has already resolved a TOTP token challenge.
¶ Quick start
¶ Registration
- New API Servers (providers) must have an account, this account can be self created by visiting the registration URL at Register.
Fill in all fields and go to your inbox to confirm your account.
- Once data is submitted, visit your inbox (e.g. acmeadmin@user.com) and click on the Confirm link.
- After confirming access to your registration inbox, fill out all required data to create a user. This user is required to define your API and register the API clients that you want enforce using adaptive authentication. Once data is submitted, user will be redirected to login screen where you can sign in for the first time.
- Login to system
¶ Register API providers
- For this to work, API providers must be registered so that API clients can be assiged to those API providers. Todo that let's start by creating our first API Provider by visiting from the left menu Adaptive Auth -> APIs -> Click Add button (see image).
- Fill out all required data and click Save. After saving the new API Provider, click on the 3 dots context menu (...) on the right of the list and click on Adaptive Configuration option.
- Configure API Adaptive Risk Authentication
Adaptive Risk Authentication consist of 6 sections, each section is responsible of different parts of the client identification and verification. Each of these section will be explained next.- Adaptive Risk Score Bands Configuration
- IP Restriction Configuration
- Location Configuration
- Time of Access Configuration
- Browser User Agent Configuration
- Similarity Ratio Configuration
Each API Provider using Adaptive authentication will have a template of API Adaptive Configuration. This adaptive configuration will be inherited for all API Clients using the API configured here.
See Configure API Adaptive Risk Authentication for more.