API Security Features
Frends APIs are built with ease of use and security in mind.
Frends is committed to providing highly secure and reliable API management services. We use proven technologies, robust practices, and established procedures to ensure your data and services are protected.
Network Security
To ensure all data transmitted to and from the Frends platform is secure, we enforce several network security measures. The Frends Platform is accessible only over HTTPS, which encrypts all traffic and protects it from interception by unauthorized parties. We follow current best practices, including the use of strong encryption algorithms of at least 128 bits.
When connecting to on-premises systems, access is managed via a Frends Agent installed behind your firewall. This Agent communicates with the Frends cloud over a secure, encrypted link using TLS 1.2.
Our platform uses a multi-tier architecture that segregates internal application systems from the public internet. All network access is restricted by firewall rules and logged in a secure, centralized system to ensure a controlled and monitored environment.
Authentication and Access Control
Frends provides multiple robust methods to authenticate and authorize callers to your APIs, ensuring that only legitimate clients can access your endpoints. The primary methods supported are API keys and OAuth 2.0 with an external authentication provider or Frends built-in private tokens, with options for Basic Authentication and client certificates also available.
In Frends, each authentication and authorization method is Environment or Agent Group specific and its access rights are defined by one or more API Policies. An API Policy is a collection of rules that grant access to specific URL paths and HTTP methods, allowing for granular control over what each method can do. You can also configure request throttling on a per-identity basis to prevent abuse.
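A small model of the access rules and per-identity throttling described above, added here as an illustration and not Frends code or its configuration format. The policy names, paths, identities, limits and the glob-style path matching are all assumptions.

```python
import posixpath
import time
from fnmatch import fnmatchcase

# Constructed sample data: policy names, paths, identities and limits are
# hypothetical and do not reflect Frends' real configuration format.
POLICIES = {
    "orders-read": [("/api/orders/*", {"GET"})],
    "orders-write": [("/api/orders/*", {"GET", "POST", "PUT"})],
}
IDENTITIES = {
    "key-reporting": {"policies": ["orders-read"], "limit": 3, "window": 60},
    "key-erp": {"policies": ["orders-write"], "limit": 100, "window": 60},
}

_hits = {}  # identity -> request timestamps still inside the window


def is_allowed(identity, method, path):
    """Deny by default: allow only if a rule in the identity's policies matches."""
    ident = IDENTITIES.get(identity)
    if ident is None:
        return False
    # Normalise first so "/api/orders/../admin" cannot match "/api/orders/*".
    norm = posixpath.normpath(path)
    for name in ident["policies"]:
        for pattern, methods in POLICIES.get(name, []):
            if method.upper() in methods and fnmatchcase(norm, pattern):
                return True
    return False


def within_limit(identity, now=None):
    """Sliding-window throttle keyed on the identity, not the source address."""
    ident = IDENTITIES[identity]
    now = time.monotonic() if now is None else now
    recent = [t for t in _hits.get(identity, []) if now - t < ident["window"]]
    allowed = len(recent) < ident["limit"]
    if allowed:
        recent.append(now)
    _hits[identity] = recent
    return allowed


def handle(identity, method, path, now=None):
    """Return the HTTP status a gateway applying these rules would answer with."""
    if not is_allowed(identity, method, path):
        return 403
    return 200 if within_limit(identity, now) else 429
```

Authorization runs before throttling, so rejected requests do not consume an identity's quota in this model.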