APIs are designed to expose certain functionality for use by automated programs. An API’s schema serves as a “contract” describing how clients should interact with the API, which makes it a valuable tool for an organization’s customers. Unfortunately, that same usefulness makes it extremely valuable to attackers as well, especially when the underlying API does not enforce the parameters defined in its schema. With Imperva, it is possible to enforce the terms of this contract, protecting the API against attack.
What is an API Schema?
An API schema is a design document for an API. It outlines exactly what the API is designed to do and which operations are considered legitimate. Different APIs have different options for schemas; common schema formats for REST APIs are Swagger and OpenAPI. An API schema is optional, but it provides a very useful structure for an API because it defines which types of operations are permitted (create, read, update, and delete) and on which resources. In RESTful APIs, the operations typically correspond to the HTTP methods (e.g. GET, POST, PUT, PATCH, and DELETE) and the resources correspond to the endpoints (e.g. /user, /accounts, /user/123).
Depending on the organization, API specifications can be written manually or automatically based upon code. Having a schema created for an API makes it possible to enforce this schema as a contract between the API server and its clients allowing developers to leverage a “Design by Contract” (https://en.wikipedia.org/wiki/Design_by_contract) design pattern.
By defining an API schema and loading it into Imperva, it is possible to automatically block any traffic to an API that does not match the schema definition, which allows this contract to be enforced.
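To make the “contract enforcement” idea concrete, the following added example (written for this article; it is not Imperva’s code and does not reflect how the Imperva product implements enforcement) validates incoming requests against a small, hand-constructed OpenAPI-style fragment. A request is allowed only if its path matches a declared path template, its HTTP method is declared for that path, every path and query parameter it carries is declared and type-correct, and all required query parameters are present; anything else is denied with a reason. The schema fragment, the `Request` type and the `enforce` function are all assumptions made for this illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed OpenAPI-style schema fragment (assumption: hand-written for
# this example, not exported from any real API or from Imperva).
SCHEMA = {
    "paths": {
        "/user/{id}": {
            "get": {"parameters": [
                {"name": "id", "in": "path", "required": True,
                 "schema": {"type": "integer"}},
            ]},
        },
        "/accounts": {
            "get": {"parameters": [
                {"name": "limit", "in": "query", "required": False,
                 "schema": {"type": "integer", "minimum": 1, "maximum": 100}},
            ]},
            "post": {"parameters": []},
        },
    }
}


@dataclass
class Request:
    """Minimal view of an HTTP request: method, path and parsed query string."""
    method: str
    path: str
    query: dict = field(default_factory=dict)


def _path_regex(template: str) -> str:
    """Turn an OpenAPI path template such as /user/{id} into an anchored regex
    with a named group per path parameter; literal segments are escaped."""
    parts = re.split(r"\{(\w+)\}", template)  # literal, name, literal, name, ...
    out = "^"
    for i, part in enumerate(parts):
        out += re.escape(part) if i % 2 == 0 else f"(?P<{part}>[^/]+)"
    return out + "$"


def _valid_value(value: str, schema: dict) -> bool:
    """Check a raw string parameter against the declared type and bounds."""
    kind = schema.get("type", "string")
    if kind == "integer":
        if not re.fullmatch(r"-?\d+", value):
            return False
        n = int(value)
        if "minimum" in schema and n < schema["minimum"]:
            return False
        if "maximum" in schema and n > schema["maximum"]:
            return False
        return True
    if kind == "boolean":
        return value in ("true", "false")
    return True  # plain strings carry no further constraint here


def enforce(schema: dict, req: Request):
    """Return (allowed, reason). Anything the schema does not describe is denied."""
    for template, ops in schema["paths"].items():
        m = re.match(_path_regex(template), req.path)
        if m is None:
            continue
        op = ops.get(req.method.lower())
        if op is None:
            return False, f"method {req.method} not defined for {template}"
        declared = {p["name"]: p for p in op.get("parameters", [])}

        # Path parameters must be declared and well-typed.
        for name, value in m.groupdict().items():
            p = declared.get(name)
            if p is None or p["in"] != "path" or not _valid_value(value, p["schema"]):
                return False, f"path parameter {name}={value!r} violates schema"

        # Every supplied query parameter must be declared and well-typed ...
        for name, value in req.query.items():
            p = declared.get(name)
            if p is None or p["in"] != "query":
                return False, f"undeclared query parameter {name}"
            if not _valid_value(value, p["schema"]):
                return False, f"query parameter {name}={value!r} violates schema"

        # ... and every required query parameter must be present.
        for name, p in declared.items():
            if p["in"] == "query" and p.get("required") and name not in req.query:
                return False, f"missing required query parameter {name}"
        return True, "ok"
    return False, f"path {req.path} not in schema"


if __name__ == "__main__":
    for r in (Request("GET", "/user/123"),
              Request("DELETE", "/user/123"),
              Request("GET", "/accounts", {"limit": "500"}),
              Request("GET", "/accounts", {"limit": "50", "debug": "1"}),
              Request("GET", "/admin")):
        print(r.method, r.path, r.query, "->", enforce(SCHEMA, r))
```

The deny-by-default shape is the point: an undeclared method, an undeclared path, or an extra query parameter is rejected even though the rest of the request looks normal, which is what turns the schema from documentation into an enforced contract. In a real deployment the same checks would also cover headers and request bodies.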
Enforcing an API Schema in Imperva
Imperva enables users to enforce the terms of their API schema with a high level of granularity. Initially, it is possible to define a general enforcement action that is applied to all requests to a particular API if they violate the schema specification. After defining this general rule, it is possible to modify the enforcement actions for each endpoint within the API to better meet its unique security requirements.
Setting Up Schema Enforcement
On a website’s page within the Imperva dashboard, open the APIs view. If APIs have already been added for this website in Imperva, they will appear here. If so, select the More menu (three vertical dots) in the appropriate API’s row and click Edit. Otherwise, click the Add API button.