What is API access control in Frontegg?
API-based access control is designed to protect your API endpoints from unauthorized access. It ensures that only authorized users can reach specific APIs, at the most granular level possible. Frontegg's Entitlements Agent (which runs as a Docker container that you install in your environment) continuously fetches the latest policies you configure in your app and evaluates them against the queries you send. It then decides whether your user can or cannot access a resource or a specific API endpoint. The following topic outlines the basics of configuring and using Frontegg's API access protection.
How API access control protects your APIs
API access control in Frontegg checks a user's permissions and features when that user tries to access your API endpoints. The creation and control of your policies is centralized in one dashboard, so you can configure rules around your API endpoints and grant or deny users access.
Creating policies
Go to Creating policies to create your first policy.
Getting started with API access control
To set up API access control, follow the three steps below:
Step 1: Configure the agent
Configure the Frontegg Entitlements Agent to enable real-time access to the latest information and policies, allowing for data-driven decisions with minimal latency. To get started, choose your technology from the SDKs Overview and navigate to the Entitlements section.
Step 2: Configure the SDK
Configure the Entitlements SDK to perform Entitlement-based queries.
Step 3: Create policies
Create policies to determine who can access specific resources in your app and under what conditions. You can create these policies manually or import them. For more details, refer to the Creating Policies section.
Feature requirements
Using Frontegg's API access control requires completing the configuration in the Entitlements section. To get started, select your technology from the SDKs Overview page, and navigate to the Entitlements section. Once configured, proceed with the creation of policies.
After you have created policies and defined the required access to resources, the flow works as follows:
- The user attempts to perform an action, access a resource, or call an API endpoint.
- The Management SDK queries the Entitlements Agent (using the isEntitledTo function) to ask whether the user may perform that action or access that resource. The queries cover questions such as: Is the user entitled to access this API? Is the user entitled to this feature? Is the user entitled to this permission?
- The Agent, which is continuously updated with the latest policies, decides whether the user can or cannot access the resource or perform the action.
Organizations can thus efficiently manage permissions and enforce feature entitlements by implementing API-based access control.
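The three-step flow above (user request, SDK query to the agent, agent decision) as an added illustrative example. This is not Frontegg's SDK or agent code: the isEntitledTo stand-in, the policy set, the user contexts and the routes are all constructed here to show the shape of an entitlement check in front of an API endpoint, including the fail-closed behaviour a practitioner wants when no policy matches or the query type is unknown.

```javascript
// Added example, not Frontegg's SDK. An in-process stand-in for the
// Entitlements Agent plus an Express-style middleware that asks
// isEntitledTo() before a request reaches a protected endpoint.

// Constructed policy set. Assumption: in a real deployment the agent fetches
// policies like these from the Frontegg dashboard; here they are inline.
const policies = {
  routes: [
    { method: "GET",    path: "/api/reports", permission: "reports.read" },
    { method: "DELETE", path: "/api/reports", permission: "reports.delete", feature: "advanced-reporting" },
  ],
};

// Constructed user contexts (what the SDK would hand to the agent).
const users = {
  admin:  { id: "u-1", permissions: ["reports.read", "reports.delete"], features: ["advanced-reporting"] },
  viewer: { id: "u-2", permissions: ["reports.read"], features: [] },
};

// Stand-in for the agent's query. Supports the three question kinds from the
// text (permission, feature, route) and denies anything it cannot evaluate.
function isEntitledTo(user, query) {
  switch (query.type) {
    case "permission":
      return user.permissions.includes(query.key)
        ? { result: true, reason: "ALLOWED" }
        : { result: false, reason: "MISSING_PERMISSION" };
    case "feature":
      return user.features.includes(query.key)
        ? { result: true, reason: "ALLOWED" }
        : { result: false, reason: "MISSING_FEATURE" };
    case "route": {
      const rule = policies.routes.find(r => r.method === query.method && r.path === query.path);
      if (!rule) return { result: false, reason: "NO_POLICY_FOR_ROUTE" };   // fail closed
      if (rule.permission && !user.permissions.includes(rule.permission)) {
        return { result: false, reason: "MISSING_PERMISSION" };
      }
      if (rule.feature && !user.features.includes(rule.feature)) {
        return { result: false, reason: "MISSING_FEATURE" };
      }
      return { result: true, reason: "ALLOWED" };
    }
    default:
      return { result: false, reason: "UNKNOWN_QUERY_TYPE" };              // fail closed
  }
}

// Express-style middleware: 401 without an authenticated user, 403 unless
// the agent says the user is entitled to this method + path.
function requireEntitlement() {
  return (req, res, next) => {
    if (!req.user) {
      res.status(401).json({ error: "unauthenticated" });
      return;
    }
    const decision = isEntitledTo(req.user, { type: "route", method: req.method, path: req.path });
    if (!decision.result) {
      res.status(403).json({ error: "forbidden", reason: decision.reason });
      return;
    }
    next();
  };
}

// Minimal harness so the example runs without a web framework: builds a fake
// req/res pair, runs the middleware, and returns the outcome.
function simulateRequest(userKey, method, path) {
  const req = { user: users[userKey], method, path };
  let outcome = null;
  const res = {
    status(code) { outcome = { status: code }; return this; },
    json(body) { outcome.body = body; },
  };
  requireEntitlement()(req, res, () => { outcome = { status: 200, body: { ok: true } }; });
  return outcome;
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(simulateRequest("viewer", "GET",    "/api/reports"));  // 200
  console.log(simulateRequest("viewer", "DELETE", "/api/reports"));  // 403 MISSING_PERMISSION
  console.log(simulateRequest("admin",  "DELETE", "/api/reports"));  // 200
  console.log(simulateRequest("admin",  "GET",    "/api/unknown"));  // 403 NO_POLICY_FOR_ROUTE
}
```

The design point is the ordering and the defaults: the request is blocked before the handler runs, an unmatched route or unrecognised query is a denial rather than a pass, and the reason code is returned so that denials can be logged and reviewed against the policy set.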