Method and apparatus for authorizing API calls

Assignee

• STYRA, INC. · US

Inventors

• Timothy L. Hinrichs · Los Altos, US
• Teemu Koponen · San Francisco, US
• Andrew Curtis · San Mateo, US
• Torin Sandall · San Francisco, US
• Octavian Florescu · Berkeley, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/08
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Some embodiments of the invention provide a system for defining, distributing and enforcing policies for authorizing API (Application Programming Interface) calls to applications executing on one or more sets of associated machines (e.g., virtual machines, containers, computers, etc.) in one or more datacenters. This system has servers that act as a logically centralized resource for defining and storing policies and parameters for evaluating these policies. The servers enforce these policies and distribute the policies and parameters to policy-enforcing local agents that execute near the applications that process the API calls. From an associated application, a local agent receives API-authorization requests to determine whether API calls received by the application are authorized. In response to such a request, the local agent uses one or more parameters associated with the API call to identify a policy stored in its local policy storage to evaluate whether the API call should be authorized. To evaluate this policy, the agent also retrieves one or more parameters from the local policy storage.