API architecture vulnerability

Question

my web dev team is bringing up concerns about the openness of our API architecture from a Security perspective. I am struggling with the spend and effort associated with implementing an API Manager. The concern is that when we go live with our e commerce platform we will have 150 API’s that are open. To control those we will need to leverage iRules on the F5. &nbsp;
does anyone have a position on how high our risk exposure is and if using the F5 is a feasible approach to API protection at this state. &nbsp;

ekaleido · Answer

How do you want to limit access to these APIs? By IP? Usernames? More details and we can provide a better answer.&nbsp;

jerm1020_254086 · Answer

Probably by IP's but both options are on the table.&nbsp;

vijay_e · Answer

IP based protection is easier. You can just block access to https.&nbsp;

ekaleido · Answer

IP based can be done either by specifying a source in the VIP or by applying a relatively simple iRule that references an IP datagroup. Usernames wouldn't really protect you, the more I think about it, and there are lots of iRule examples for creating "IP whitelists."

Forum Discussion

API architecture vulnerability

4 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

Mastering API Architectures Ebook from NGINX

F5 Architecture Track Sessions - AppWorld 2026

F5 Hybrid Security Architectures: Part 3 F5 XC API Protection and NGINX Ingress

F5 Distributed Cloud Web App and API Protection hybrid architecture for DevSecOps

Kubernetes architecture options with F5 Distributed Cloud Services

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS