Introducing API Access Management: Connecting and Securing APIs in the Cloud

Think about the last time you went home after dinner with friends. You pulled out your cell phone and hailed a ride using an app. As a customer, you had a seamless experience with just a few taps. But the backend technology that made it possible was actually a tapestry of interwoven apps, connected into one unified experience using APIs. The rideshare app used another app’s API to visualize how far away potential cars were, and to trigger a text to you when the driver was on the way. Once in the car, the driver greeted you by name, used a third-party map service for directions, and then at the end of the ride, another app processed your payment for the trip.

Today, a company’s ability to deliver an easy, personalized and integrated experience using these disparate services is expected. And it’s bigger than hailing a car. Companies in all industries are building amazing user experiences for their customers, partners and employees to gain a competitive edge and avoid disruption. Consider, for example, one of our customers, a Fortune 100 financial services firm. To boost advisor productivity, they have built an app for their financial advisors that mashes together several key systems: CRM for client and opportunity information, a calendar for tracking advisor activity, a proprietary purchase history database and a document collaboration tool. With the UX friction removed, advisors are far more effective and the company can drive more business.

Most companies are faced with the same challenge. They have made massive investments in a portfolio of apps to run their businesses and they can’t simply throw these out and start over. They need to leverage their systems of record securely, quickly and efficiently. They have to seize the new possibilities that emerge when their core data systems are composed alongside public APIs. What remains is to ensure that access to these services is secure, so that every person gets the right content, data or functionality at the right time.

To address this challenge we are introducing a new product, Okta API Access Management. Our new product helps developers and IT leaders build, maintain and scale seamless, personal and secure experiences across on-prem and cloud services. Unlike legacy point solutions, access is managed based on the user, and fully integrated with Okta’s Identity Cloud. This approach makes it easy to do what has never before been possible: centrally maintain one identity and one set of permissions for any employee, customer or partner across every point of access, app, API or device. Starting today, Okta customers can extend this new capability to the millions of identities they already manage through one unified console.

Key features of Okta API Access Management include:

  • Identity-driven policy: IT can now apply Okta’s powerful policy framework to any API based on user profile, group membership, network zone, device, client, user or administrator consent. Access can be revoked instantly based on any change to user permissions.
  • API developers get full support for OAuth 2.0, the modern authorization standard, via our plug-and-play Identity SDKs. This means developers and IT can spend more time focusing on the core value of their app and less time on security.
  • Okta UX: Unlike legacy point solutions, Okta API Access Management has the same simple, user-friendly interface, built for consistent creation, maintenance and audit of API access policies based on native identity objects, without custom code. Now an API can be as secure as any other resource in your enterprise.
  • Integrates with leading API management solutions: We have partnered with API management providers including Apigee and MuleSoft, providing IT a complete and secure solution for any app or service your company builds.

Before today, there has not been a pure cloud solution that allows IT and developers to centrally manage access policies for all of their APIs in the context of any user — employee, partner or customer. Okta API Access Management leverages all of the capabilities of the core Okta platform and further extends the value of Okta as a solid foundation for the agile innovation required to compete.

In fact, our customer Pitney Bowes already uses Okta API Access Management to power SendPro, one of the first products to launch on its brand new Commerce Cloud. SendPro brings together a rich ecosystem of services that provide everything from location, shipping, package tracking and payments for its customers.