Secure Your APIs in 3 Simple Steps with the Citrix API Gateway

Pre-Requisite: Customers should have a Premium NetScaler License and ADM Service to enable API Gateway

The rise of API-driven software has seen a corresponding rise in API-related security attacks. In the last few years, the industry has seen an increase in data breaches across companies of all shapes and sizes. Notable enterprises such as Venmo, Experian, and Peloton among others have all been victims of API attacks and data breaches. This has led to the exposure of millions of personally identifiable information (PII) records of their customers, costing millions in damages and fines.

As organizations are realizing the critical need for effective API security in their overall security posture, Citrix API Gateway is one solution that’s ready to solve the challenge. 3 simple steps can enable organizations to protect their APIs by deploying them behind the Citrix API Gateway. They are as follows:

1. Onboarding the API

2. Deploying the API

3. Enabling Policies

Onboarding the API

To onboard your API to the Citrix API Gateway, the first step is uploading the API specification. An API specification is a high-level blueprint of how your API works structurally. Although sometimes development teams may overlook creating an API specification, it is an incredibly important step in the end to have secure applications.

The OpenAPI Specification (OAS), previously known as Swagger, is one such standard interface for RESTful API specifications, allowing APIs to be discovered and understood by both computers and humans. An OAS specification is represented as an object in a JSON or YAML file. No need to worry if you don’t have your API spec already created. You can create one manually inside the Citrix API Gateway.

To begin, navigate to your instance of Citrix ADM and login. Once there, follow these steps.

1. Go to the sidebar and click Security >> API Gateway >> API Definitions

2. Click Add and either upload your OAS API specification file (if you have one) OR select Create Your Definition to create one manually

Now that you’ve added your API spec, it’s time to deploy your API to the gateway.

Deploying the API

1. Go to the sidebar and click Security >> API Gateway >> Deployments

2. Click Add and fill out the details under the Deployment Basic Info

3. Give your deployment a name and select the target API gateway (NetScaler) from the drop-down menu. Select the relevant API definition and fill out details around IP address, port, certification, and so on

4. Next, under Upstream Services, click Add to configure your Upstream API Services (aka your back end API service)

5. Next, Under Routing, add routes for the API Upstream Services or back-end API services that you created. Routing for API Upstream Services adds details about API routing configuration for the API Gateway to route incoming API calls to the right back end service.

Enabling Policies

The next step in the deployment process is to create policies for the API Upstream Services or back end API services.

1. Go to the sidebar and click Security >> API Gateway >> Policies

2. Click Add. Fill out a name, select a deployment and choose the appropriate upstream service

3. Next, click Add to create various types of policies against different API resources

   1. Some useful policies include rate-limiting, authorization, WAF, Bot, header rewrite, and deny. You can also create custom rules according to your business needs.

4. Once complete with all policies, click Save and Apply.

And that’s it. You’ve successfully onboarded your API to the Citrix API Gateway. This is one step that pays dividends in the end as your APIs and applications are now more secure. Not only this helps limit your attack surface, but it will also help you gain holistic visibility into your API ecosystem (via the API Analytics feature). This allows you to monitor API performance, discover shadow and leaky APIs, monitor endpoint activity, and gain various insights on your API deployments.

With the added level of security, rest assured knowing that the Citrix API Gateway takes care of the tedious and keeps your applications much more secure.