

While working with APIs, you need to ensure that your data security is well managed. Data security in APIs is discussed most during the requirement, design, development, and post-production activities. Most of the time, however, data security is only addressed after production using API gateways. We need to discuss how to ensure that data security follows the "Shift Left" approach, that is, how it is built in from the requirement and design stages rather than bolted on at the gateway afterwards.
There are many reasons why you would want to encrypt your data. Perhaps you have a partner who doesn't need access to your data, or maybe you want to ensure that your data doesn't get in the wrong hands. Whatever the reason, you need to find a way to make sure that your data is encrypted in a secure manner and can only be accessed by authorized users. These are the same problems that enterprises face when they want to ensure that their data is safe and secure.
Here is the 5-tiered security architecture to ensure data is secure:
- User profile-based security: Control data access at ROW and FIELD levels based on the user profile, and enforce dynamic data masking at various levels to protect data visibility.
- RBAC: Control API access in totality (which roles may call which endpoints at all).
- Payload Encryption: RSA key-pair based encryption ensures that only the receiver holding the private key can decrypt the data.
- Secure Transfer: Leverage HTTPS to secure the data during network transfer.
- Metadata Encryption: Leverage strong encryption techniques such as AES-256 with salt-based key derivation.





