When to Use

Skill-Datei

When to Use

Implements security controls at the API gateway layer including authentication enforcement, rate limiting, request validation, IP allowlisting, TLS termination, and threat protection. The engineer configures API gateways (Kong, AWS API Gateway, Azure APIM, Apigee) to act as a centralized security enforcement point that validates, throttles, and monitors all API traffic before it reaches backend services. Activates for requests involving API gateway security, API management security, gateway authentication, or centralized API protection.

mukul9754,535 Sterne06.04.2026

Beruf
Kategorien: Sicherheit

Skill-Inhalt

When to Use

Deploying a centralized authentication and authorization layer for microservice APIs
Implementing rate limiting, throttling, and quota management across all API endpoints
Configuring request/response validation against OpenAPI specifications at the gateway level
Setting up TLS termination, mutual TLS, and certificate management for API traffic
Integrating WAF rules with the API gateway to block injection, XSS, and known attack patterns

Do not use as the sole security layer. API gateways provide defense in depth but backend services must also validate authorization and input.

Prerequisites

API gateway platform selected and deployed (Kong, AWS API Gateway, Azure APIM, or Apigee)
OpenAPI/Swagger specifications for all backend APIs
TLS certificates for the gateway domain
Identity provider (IdP) configured for OAuth2/OIDC (Okta, Auth0, Azure AD)
Monitoring and logging infrastructure (CloudWatch, Datadog, ELK)
Backend service endpoints registered and reachable from the gateway