API Security: Awareness and Moderation are Key

A Buddhist approach towards addressing the uncertainty of API Security

2500 years ago, light was shed on the philosophy of moderation. It was the key to health and happiness as taught in Buddhism. Similarly, this approach also applies to our reckless world of technology. Take the API economy, for example. Organizations utilize and depend on APIs to create new revenue streams and monetize their core business.

It is critical to have awareness of your APIs and system health in order to maintain API security. But API requests can easily get out of control if they are not moderated. Contributing factors include spikes in demand, DDoS attempts, or simple unintentional coding errors. You cannot risk breaking revenue-generating services for you and your customers.

So how do you manage chaos within a sea of APIs? It can be overwhelming, but the solution is simple. Check out the second part of our API security demo videos to learn more about how monitoring and moderating API traffic can help you maintain API security.

The ability to moderate API traffic depends on having awareness. You need insight into how much is consumed in order to exercise moderation. Unpredictable response times, or even API downtime, have a direct impact on the business's bottom line. This is where ForgeRock comes in to help. ForgeRock Identity Gateway enables you to monitor and gain insight across all of your APIs and system health. This helps you to respond before your customers are directly impacted by a poor user experience.

Once you have the right information on your API and system health, you can take the right actions towards delivering a user experience that is both secure and responsive. Rate limiting, measured in requests per second, can be used to tune the API traffic load. This helps you to maintain a healthy load on the API backend, mitigate breach attempts such as DDoS attacks, and ensure response times stay within Service Level Agreements (SLAs).

When request traffic exceeds the rate limit, Identity Gateway can reject the excess requests (HTTP 429 Too Many Requests) with a gentle notification to the user to retry their request (this throttling algorithm is also referred to as token bucket).
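A minimal token-bucket limiter of the kind described above, added here as an illustration and not Identity Gateway's own code. It assumes the limit is expressed as sustained requests per second plus a burst capacity, that clients are keyed by an opaque identifier, that the caller supplies the clock, and that the retry hint is returned as a Retry-After header in whole seconds.

```python
import math


class TokenBucket:
    """Token bucket: tokens refill at `rate` per second up to `capacity`.

    `capacity` is the burst the backend can absorb; `rate` is the sustained
    requests-per-second limit. The clock is passed in by the caller, which
    keeps the limiter deterministic and easy to test (an assumption here)."""

    def __init__(self, rate, capacity, now):
        self.rate = rate
        self.capacity = capacity
        self.tokens = float(capacity)  # a fresh bucket starts full
        self.last = now

    def _refill(self, now):
        elapsed = max(0.0, now - self.last)  # guard against a clock going backwards
        self.tokens = min(float(self.capacity), self.tokens + elapsed * self.rate)
        self.last = now

    def try_consume(self, now, cost=1):
        self._refill(now)
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False

    def seconds_until(self, now, cost=1):
        """Time until `cost` tokens are available; feeds the Retry-After header."""
        self._refill(now)
        deficit = cost - self.tokens
        return 0.0 if deficit <= 0 else deficit / self.rate


class RateLimiter:
    """Per-client limiter returning (status, headers) as a gateway filter would."""

    def __init__(self, rate, capacity):
        self.rate, self.capacity = rate, capacity
        self.buckets = {}  # client_id -> TokenBucket (assumed keying)

    def handle(self, client_id, now):
        bucket = self.buckets.get(client_id)
        if bucket is None:
            bucket = self.buckets[client_id] = TokenBucket(self.rate, self.capacity, now)
        if bucket.try_consume(now):
            return 200, {}  # within the limit: forward to the backend
        # Excess request: 429 plus a hint telling the client when to retry.
        wait = math.ceil(bucket.seconds_until(now))
        return 429, {"Retry-After": str(wait)}
```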

There's no need to take an extreme approach when it comes to managing API traffic. Take the middle path: monitor API health and apply rate limiting according to your organization's and users' needs. Learn more by checking out the ForgeRock Identity Gateway Guide.