Forum Discussion

DocteurBGP's avatar
DocteurBGP
Icon for Nimbostratus rankNimbostratus
Jun 06, 2023

Difference between Rest API security protection and API Security ASM template ?

Hi, I have to protect some Rest API with ASM. I saw that there are 2 different API protection features : 1) Create an ASM policy with the API security template where you just import the swagger fi...
security
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Jun 06, 2023

Hi DocteurBGP,

the APM Policy can

  1. import an Open API Spec file
  2. verify that the API call is made to an allowed API endpoint.
  3. verify that clients makes only unauthenticated API calls and verify JWT access tokens
  4. do Rate Limiting

The AWAF Policy can

  1. import an Open API Spec file and validate that the API request conforms to the spec file
  2. protect against Web Application Threats

To my surprise the AWAF Policy can import an Open API Spec file but does not build a list of allowed URLs (methods / endpoints) from it.

KR
Daniel