As businesses migrate their integration platforms and more of their software and data processing to the cloud, the APIs that connect those applications are increasingly exposed to external entities. This exposure makes APIs more vulnerable to security attacks so businesses must ensure these data pathways are protected. If these links are not sufficiently protected, they become an easy target for cyberattacks.
As a cloud-based file transfer service provider, Thru must protect the data that is entrusted to us when accessing our services using our APIs. Only valid, authenticated clients can be allowed to access the data, applications and systems integrated with our solutions.
What Is API Authentication?
Before we dive into authentication specific to Thru’s APIs, let’s first define what API authentication is. According to makeuseof.com, “API Authentication is all about proving or verifying the identity of the people accessing your system. It’s the process of using a software protocol to ensure that clients on a network are who they claim to be before granting them access.”
The particulars of authentication depend upon the method adopted but put simply: If any part of the identity is deemed incorrect, access is instantly blocked or denied. Cyberattacks are stopped before authorization methods, such as an exposed or compromised password, can even enter the equation.
How Thru APIs Are Authenticated for Integration
Thru’s set of APIs allows our customers to seamlessly integrate our file transfer service with their existing applications and integration platforms (iPaaS). Since our APIs also allow complete orchestration of file transfers by these integrations, we must ensure the connections are valid and secure.
This is accomplished in a two-prong approach. APIs are
- Secured by connecting only over encrypted HTTPS protocols between systems.
- Authenticated by one of the following methods:
- Shared secrets: One or more shared secrets preset on both sites.
- Login credentials: Accounts created in Thru platform and used by integrating applications.
- Security tokens: Obtained by integrating applications via initial authentication methods and required in each web service call. Security tokens are subject to expiration.
These steps validate the identity of the systems integrating with the Thru cloud. Once the API connection is deemed secure, additional user authentication and authorization takes place to ensure the user is valid and allowed to access the system.
Using Authenticated APIs to Seamlessly Integrate
Thru provides a comprehensive API for configuration, management, monitoring and alerts. Most functions available through the web portal are available with the REST API, making Thru a programmable headless MFT. Use Thru APIs to perform activities such as
- Connecting to your security information and event management systems (SIEM).
- Monitoring status of our MFT agent (called a Thru Node).
- Transferring files over HTTPS.
- Building connectors to integrate Thru with third-party software.
Ensuring our APIs are secure is one of many layers of protection that we provide in our secure file transfer solutions. To learn more about how we secure file transfer, go to our Secure File Transfer page »