Application Program Interfaces (APIs) have taken center stage as modern organizations adopt API-first approaches to application development. With recent studies uncovering that 83% of all web traffic is to API endpoints, their security has become a key focus for organizations worldwide.

API security for advanced threats

Fastly’s API security is built into our Next-Generation Web Application Firewall (NGWAF). Our protection enhances your security posture, unifies visibility and decisioning, and empowers application development for organizations making their applications faster, safer, and more engaging.

Enhance your security posture

APIs need protection no matter where they operate. The NGWAF runs natively in any cloud, data center, or container, with various deployment options at the code, web server, or API layer. Its flexible deployment enables visibility to external APIs based in tools like Kong or NGINX, and internal APIs like those in a service mesh. The NGWAF inspects all requests at runtime to enable automated traffic decisions like blocking, rate-limiting, and layered rulesets to secure applications from OWASP’s Top 10 API Security Risks, payloads targeting specific API protocols, and other API threats highlighted below. The NGWAF is deployable anywhere and protects your APIs everywhere, so you can scale with a single security partner that protects your applications no matter how you grow.

Unify visibility and decisioning

API security is better in a platform. The NGWAF offers visibility into all API requests and decisioning logic out of the box, reducing the need for multiple solutions to provide comprehensive Layer 7 protection. By combining these two functionalities, the NGWAF offers analytics that can tell complete application security stories. The story can also be easily shared across the NGWAF’s numerous integrations with Security Information and Event Management (SIEM) platforms like Elastic and Datadog to combine its insights into your overarching security narrative. The NGWAF is a security platform that increases data insights and lowers your total cost of ownership, allowing you to make better informed security decisions and reallocate your budget toward new strategic initiatives.

Empower application development

Your security tech stack shouldn’t be a roadblock to API implementation. Using Fastly’s patented SmartParse contextual detection built into the NGWAF, you can easily protect commonly utilized REST and SOAP/XML, as well as recently popularized GraphQL, GRPC, and WebSocket endpoints. This coverage includes GraphQL inspection, which parses the contents of requests to inspect them and ensure malicious payloads aren’t hidden within the call. The NGWAF enables application developers to push releases faster while creating better customer experiences because they can leverage the latest APIs without negative security implications.