PickPoint is a Russian logistics company that operates self-service parcel lockers, similar to those used in China, where customers collect goods they have bought online. PickPoint was recently hacked: 2,732 of its lockers in Moscow were opened remotely.

Because this was a real, successful attack rather than a research demonstration, details are scarce. Judging from outside accounts, though, it looks like an attack on the API: 1. In videos posted online, the lockers open one after another rather than all at once, which is what a script iterating over an API would produce; 2. The affected lockers were spread across the whole city, and nobody was standing in front of them, so this was not a physical attack on individual cabinets; 3. PickPoint's locker network is API-driven, with the API supplied by a vendor.

As more and more companies make money by exposing their APIs and the resources behind them, and as attacks like this one keep happening, is there a way to keep an API secure?

The answer is API gateways.

Put simply, an API gateway is a management layer that has grown up with the spread of microservice architectures: a single entry point that fronts many different APIs and applies traffic control and statistics, identity verification, and similar policies to every call before it reaches a backend. Because all traffic passes through one place, a gateway can also enforce message security between internal services, for example terminating TLS at the edge and requiring encrypted, mutually authenticated connections between the services behind it, so that a caller who discovers a backend address still cannot talk to it directly.
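The two controls named above, identity verification and traffic control, are exactly what would have stood between a script and 2,732 lockers. The following is an added example written for this post, not code from PickPoint or from any gateway product: a minimal gateway in Python that checks an HMAC signature on each request, rejects stale or forged requests, and rate-limits the sensitive "open locker" operation per client before forwarding to a stand-in backend. The client secrets, the limit of 5 openings per 60 seconds, the 300-second clock-skew allowance and the `/lockers/<id>/open` path are all constructed assumptions for the demo.

```python
import hashlib
import hmac
from collections import defaultdict, deque
from dataclasses import dataclass

# Constructed demo secrets for registered API clients. In a real deployment these
# live in the gateway's credential store, never in source.
CLIENT_SECRETS = {
    "courier-app": b"courier-demo-secret",
    "partner-shop": b"shop-demo-secret",
}

# Assumed policy: at most 5 locker openings per client per 60 s, and a signed
# request is accepted only within 300 s of the timestamp it was signed with.
OPEN_LIMIT = 5
WINDOW_SECONDS = 60
MAX_CLOCK_SKEW = 300


@dataclass(frozen=True)
class Request:
    client_id: str
    path: str        # e.g. "/lockers/1234/open" (assumed URL layout)
    body: str
    timestamp: int   # client's Unix time when it signed the request
    signature: str   # hex HMAC-SHA256 over the fields above


def sign(secret: bytes, client_id: str, path: str, body: str, timestamp: int) -> str:
    """Bind client id, path, body and time together so the gateway can verify
    who sent the request and that none of those fields were altered."""
    msg = f"{client_id}\n{path}\n{body}\n{timestamp}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def backend(path: str) -> str:
    """Stand-in for the internal locker service the gateway fronts."""
    if path.startswith("/lockers/") and path.endswith("/open"):
        return f"opened locker {path.split('/')[2]}"
    return f"forwarded {path}"


class Gateway:
    def __init__(self, clock):
        self.clock = clock                    # injectable clock for deterministic tests
        self.open_times = defaultdict(deque)  # client_id -> timestamps of recent opens
        self.audit = []                       # (client_id, path, decision)

    def _deny(self, req, reason):
        self.audit.append((req.client_id, req.path, f"deny: {reason}"))
        return ("deny", reason)

    def handle(self, req: Request):
        now = self.clock()
        # Step 1: identity verification. Unknown or unsigned callers never reach the backend.
        secret = CLIENT_SECRETS.get(req.client_id)
        if secret is None:
            return self._deny(req, "unknown client")
        expected = sign(secret, req.client_id, req.path, req.body, req.timestamp)
        if not hmac.compare_digest(expected, req.signature):
            return self._deny(req, "bad signature")
        if abs(now - req.timestamp) > MAX_CLOCK_SKEW:
            return self._deny(req, "stale request")
        # Step 2: traffic control, applied only to the sensitive operation.
        if req.path.startswith("/lockers/") and req.path.endswith("/open"):
            recent = self.open_times[req.client_id]
            while recent and recent[0] <= now - WINDOW_SECONDS:
                recent.popleft()
            if len(recent) >= OPEN_LIMIT:
                return self._deny(req, "rate limited")
            recent.append(now)
        # Step 3: forward to the internal service.
        self.audit.append((req.client_id, req.path, "allow"))
        return ("allow", backend(req.path))


def simulate_burst(n_requests: int = 8):
    """Constructed scenario: one legitimate client fires n open requests within
    one second, then a forged request arrives with a garbage signature.
    Returns (number allowed, list of denial reasons)."""
    t = 1_700_000_000
    gw = Gateway(clock=lambda: t)
    allowed, denied = 0, []
    for i in range(n_requests):
        path = f"/lockers/{1000 + i}/open"
        sig = sign(CLIENT_SECRETS["courier-app"], "courier-app", path, "", t)
        decision, detail = gw.handle(Request("courier-app", path, "", t, sig))
        if decision == "allow":
            allowed += 1
        else:
            denied.append(detail)
    forged = Request("courier-app", "/lockers/9999/open", "", t, "00" * 32)
    denied.append(gw.handle(forged)[1])
    return allowed, denied


if __name__ == "__main__":
    print(simulate_burst())
```

The rate limit is per client and per sensitive operation, so a single leaked credential can open at most 5 lockers per minute instead of thousands, and every denial lands in `audit`, which is the signal an operations team needs to notice a burst in progress.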

Next, several capable API gateway products are worth recommending:

  1. Zuul: a gateway service from Netflix that provides dynamic routing, monitoring, resiliency, security and more; it is the gateway recommended by Spring Cloud.
  2. Kong: an open source API gateway that proxies API traffic between clients and (micro)services, with authentication and rate limiting available as plugins.
  3. EoLinker: a Chinese gateway product that has done quite well over the past two years. It comes in several editions, including open source ones, suited to teams of all sizes.

We are using the third one now. If you are interested, you can go to the official website and have a look, and you are welcome to exchange ideas with me. Website: www.eolinker.com