Governing Access To Third-Party Application Programming Interfaces

Organization Name

Oracle International Corporation

Inventor(s)

Tuck Chang of Santa Clara CA (US)

Zhengming Zhang of Ontario (CA)

Governing Access To Third-Party Application Programming Interfaces - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240012700 titled 'Governing Access To Third-Party Application Programming Interfaces

Simplified Explanation

The patent application describes techniques for governing access to third-party application programming interfaces (APIs) through a proxy service. The proxy service acts as an intermediary between user-facing services and backend services, allowing the user-facing services to perform functions of the backend services.

Key points of the patent/application:

• A proxy service is used to expose an API that receives requests from user-facing services to perform functions of backend services.
• The proxy service stores a usage policy that defines a criterion associated with using a function of a backend service.
• When a request is received by the proxy service, it checks if the request satisfies the usage policy.
• If the request does not satisfy the usage policy, the proxy service refrains from accessing the backend service to perform the requested function.
• An alert is transmitted to the user-facing service indicating that the request does not satisfy the usage policy.

Potential applications of this technology:

• API governance: The techniques described in the patent/application can be used to govern access to APIs provided by third-party services. This can help ensure that API usage adheres to predefined policies and criteria.
• Security and access control: The proxy service can act as a security layer, allowing organizations to control and monitor access to backend services through the API. It can prevent unauthorized or non-compliant requests from reaching the backend services.

Problems solved by this technology:

• Unauthorized access: The proxy service helps prevent unauthorized access to backend services by enforcing usage policies and criteria.
• Policy enforcement: The techniques described ensure that requests made through the API adhere to predefined usage policies, reducing the risk of misuse or abuse.

Benefits of this technology:

• Enhanced security: By controlling access to backend services through the proxy service, organizations can improve the security of their systems and data.
• Policy compliance: The usage policies stored in the proxy service help ensure that API usage aligns with organizational policies and guidelines.
• Real-time alerts: The transmission of alerts to user-facing services allows for immediate notification of non-compliant requests, enabling prompt action and resolution.

Original Abstract Submitted

techniques for governing access to third-party application programming interfaces (api's) are disclosed. a proxy service exposes an api configured to receive requests, from user-facing services, to perform functions of backend services. the proxy service stores a usage policy that defines a criterion that is (a) different from any authorization criterion and (b) associated with using a function of a backend service. the proxy service receives a request to perform the function of the first backend service for a user-facing service and determines that the request does not satisfy the usage policy. based on determining that the request does not satisfy the usage policy, the proxy service refrains from accessing the backend service to perform the function responsive to the request, and transmits an alert to the user-facing service indicating that the request does not satisfy the usage policy.