New Features

API Policies

API Policies centralize and harmonize the way access to HTTP and API endpoints are managed. This is done by decoupling the authentication from the Process level and moving API Key access management (previously API Key rulesets), OAuth (Previously OpenAPI specifications/API Policies) and the new Private Application tokens under one central view.

API Policies allow configuring access to different endpoints (path and HTTP method) for different Agent Groups with different access options, such as having API Keys used for development and OAuth for production use and you can even have different authorization options available at the same time for a single Process.

Previously throttling was only available for use with API Keys, but now you can use it with other authentication methods and even unauthenticated requests.

Because the authentication is now decoupled from the Process, API passthroughs can now leverage the different authorization options available in Frends.

Private applications

Private applications are meant to increase the security for simple authentication/authorization. You can now create Private Application tokens which are provided by the Frends Management UI with a specified lifetime and claims. These claims can be used by the API Policies to manage access to your endpoints, and to provide contextual information about the identity inside of Processes. The tokens support revocation, so if for some reason your token would be compromised, you can easily revoke it and issue a new token in its stead.