What is API Access Control

by Iwan Price-Evans on Security • June 8, 2022

API Access Control (AAC) allows you to limit access to specific APIs for different users. This helps prevent unauthorized access to sensitive data.

AAC is an API security feature that restricts access to certain APIs based on user roles. It provides granular access controls to ensure that only authorized users have access to sensitive data. AAC works by allowing developers to define what actions each user role can perform within an API.

Why should you control access to APIs?

If you’re using an API to build applications, you need to make sure only authorized users can access the data. Otherwise, anyone who obtains a valid credential can read whatever the API exposes and invoke the application logic behind it.

How to use API access control

Create User Roles.

To use AAC, you must first create user roles. You can do so using your API management console or API Gateway. Once you have defined the user roles, you can then assign them to different APIs.

Set Permissions Based on User Role.

In addition to defining user roles, you can also set permissions based on those roles. This allows you to control what users can do with an API. For example, you might allow users who are part of a particular role to view data, while restricting other users from viewing that same data.

Restrict API Calls by User Role.

You can use API Access Control to define different levels of access to an API. For example:

  1. View Data – Users who are assigned to this role will be able to view data through the API.
  2. Create Data – Users who are in this role will be able to add new records to an existing table.
  3. Delete Data – Users who are part of this role will be able to delete records from an existing table.
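The three steps above (define roles, attach permissions to them, then check each API call against the caller's role) can be put together in a few dozen lines. The following is an added example written for this glossary entry, not code from the original page or from any particular API gateway. The role names (`viewer`, `creator`, `deleter`), the `/records` route, and the in-memory store are all assumptions made for illustration; the point it demonstrates is the deny-by-default check that sits between a request and the data.

```python
"""Minimal role-based API access control (added illustration, not the page's own code).

The three roles from the article map to the actions they may perform, and each
API route maps an HTTP method to the action it requires. Any call that is not
explicitly granted is refused, so an unknown role or an unlisted route is denied
rather than silently allowed.
"""
from dataclasses import dataclass, field

# Role -> permitted actions. Role names are assumed for this example.
ROLE_PERMISSIONS = {
    "viewer": {"view"},
    "creator": {"view", "create"},
    "deleter": {"view", "create", "delete"},
}

# (HTTP method, route) -> action the caller must hold. The route is hypothetical.
ROUTE_ACTIONS = {
    ("GET", "/records"): "view",
    ("POST", "/records"): "create",
    ("DELETE", "/records"): "delete",
}


@dataclass
class Decision:
    allowed: bool
    reason: str


def authorize(role: str, method: str, route: str) -> Decision:
    """Decide whether `role` may call `method route`; unknown roles or routes are denied."""
    action = ROUTE_ACTIONS.get((method.upper(), route))
    if action is None:
        return Decision(False, f"no policy for {method} {route}")
    permitted = ROLE_PERMISSIONS.get(role)
    if permitted is None:
        return Decision(False, f"unknown role {role!r}")
    if action not in permitted:
        return Decision(False, f"role {role!r} lacks {action!r}")
    return Decision(True, f"role {role!r} granted {action!r}")


@dataclass
class RecordsApi:
    """Toy backing store so the example exercises real calls, not only the check."""
    records: list = field(default_factory=list)
    audit: list = field(default_factory=list)  # every decision, allowed or not, is recorded

    def handle(self, role: str, method: str, route: str, payload=None):
        """Authorize first, then perform the action; returns (status, body) like an HTTP handler."""
        decision = authorize(role, method, route)
        self.audit.append((role, method, route, decision.allowed, decision.reason))
        if not decision.allowed:
            return 403, {"error": decision.reason}
        if method == "GET":
            return 200, {"records": list(self.records)}
        if method == "POST":
            self.records.append(payload)
            return 201, {"created": payload}
        if method == "DELETE":
            removed = len(self.records)
            self.records.clear()
            return 200, {"deleted": removed}
        return 405, {"error": "method not allowed"}


if __name__ == "__main__":
    api = RecordsApi()
    print(api.handle("viewer", "POST", "/records", {"id": 1}))   # 403: viewer cannot create
    print(api.handle("creator", "POST", "/records", {"id": 1}))  # 201
    print(api.handle("viewer", "GET", "/records"))               # 200, one record
    print(api.handle("creator", "DELETE", "/records"))           # 403: creator cannot delete
    print(api.handle("deleter", "DELETE", "/records"))           # 200, one record deleted
    print(api.handle("intern", "GET", "/records"))               # 403: role not defined
    for entry in api.audit:
        print(entry)
```

Two design points carry over to a real gateway or framework: the authorization decision is made once, in one place, before any handler code runs, and the audit list records denials as well as grants, which is what a reviewer needs when checking that the role-to-permission mapping matches the intended policy.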