The TAG is in it’s simplest form, a reverse-proxy that is used to secure API endpoints within an enterprise network. In reality, the rich feature set of the TAG offers many capabilities that cover all aspects of security: Authentication, Authorization, and Integrity. It also provides load balancing capabilities and is fault tolerant by default to avoid becoming a single point of failure.
Most enterprises have already adopted an API orientated architecture or are on the way to doing so.
Securing access to APIs is critical for any business. The traditional approach was to secure access within the applications themselves, either by checking users or roles. As the number of applications grows, this becomes increasingly more difficult to maintain. A change to the company’s security strategy also requires code changes in each application. This becomes an exponentially difficult problem considering that an application may have hundreds of exposed end-points.
The TAG shifts security concerns away from the applications and provisions it in a unified location. The gateway blocks unauthorized traffic from reaching an application. When security conditions or concerns change, these can be quickly addressed directly at the gateway level. The burden upon the code itself is effectively removed.