Grafik Airlock API

Airlock API

Customized protection of your interfaces

Modern applications and services shift the user guidance into the end devices of the users, as Single-Page Application (SPA) in the browser or as Smartphone App. Communication with the servers thus focuses on the exchange of process data via APIs (Application Programming Interfaces). REST/JSON APIs, in particular, are currently in vogue. The new architecture exposes them to a large extent and they require the same level of protection against web attacks. Airlock API is therefore based on Airlock WAF and comes with a solid filter arsenal for web security.


Airlock API Gateway

  • Enforces API Specification
  • API Keys and Usage Plans
  • Multitenancy for REST API
  • Prevents invalid & unauthorized requests
  • Blocks API attacks
  • DevSecOps: guaranteed safe DevOps
  • Reporting, statistics & monitoring
  • Load balancing
  • Mobile Security

The OWASP Top 10 API Security Risks

APIs are likely to develop, over the coming years, into the main attack surface for web applications. OWASP is responding to this with a new and specialised top ten list for API security.

Read our whitepaper "Airlock and the OWASP Top 10 for API Security 2019" and learn all about the ten biggest API security risks and how you can protect yourself against them.

Read the whitepaper

Read the specialist article published in Heise Magazine to find out more about the new OWASP Top 10 list, the background and responsibilities.

Read the article

In the special issue of the iX Developer magazine you can learn more about the new and specialized OWASP Top Ten list and where developers are required to take action.Read the special issue

Advanced API Protection

The Airlock API gateway offers a range of protective mechanisms that are tailor-made for APIs. JSON Schema and OpenAPI specifications for APIs can be uploaded and enforced via the gateway. Only API calls that meet these specifications will be forwarded to the internal APIs. Innovative functions such as dynamic value endorsement (DyVE) also enable dynamic whitelisting of permitted variables within an API interaction.

API access control

One of the main reasons for using API gateways is to ensure access control to APIs. The Airlock API gateway validates access tokens and permits role-based access authorisation for API end points. The Airlock API gateway works in conjunction with Airlock IAM to support OAuth 2.0, OpenID Connect 1.0 and SAML 2.0 in protecting access to APIs.

High availability

The Airlock API gateway is a reverse proxy with failover and load-balancing functions, efficiently ensuring high availability of connected services. When modifications are made to the application infrastructure (e.g. starting/stoping of additional instances), Airlock API automatically takes over and enables high scalability. TLS is also terminated in advance, relieving the burden on APIs and enabling simple scaling.

Learn more about high availability

API monitoring, statistics and reporting

Built-in dynamic reporting provides an overview of all API access attempts at all times. Access logs for API calls can be forwarded to peripheral systems and, therefore, be used as a basis for monetisation of accesses. Interactive dashboards ensure an overview of both attempted attacks and specification violations, highlighting performance problems and displaying back-end faults.

Learn more about Reporting and SIEM integration


Thanks to its comprehensive REST API, the Airlock API gateway is easy to integrate into DevOps pipelines. The outcomes of service events in a microservice architecture environment can be tracked automatically via the API gateway. For example, a service update can automatically deploy the new OpenAPI specification to the API gateway.

Learn more about DevSecOps

Toward DevSecOps

In a DevSecOps culture, every agile team has a security expert. He fulfills non-functional requirements, so the product owner includes security in the development plan.

Read this whitepaper to learn key insights on how to successfully and efficiently implement DevSecOps, what security components are needed to make it happen, and the benefits of a microgateway architecture.

Request Whitepaper DevSecOps


Virtual Appliance

Airlock Cloud Image

Microgateway as a container

Our whitepapers

Zero Trust is a journey

The digital transformation of the world continues to progress, and it is profoundly affecting private life and job profiles. Lern more about the effects of ongoing digitization and how it affects modern information technology

Request Whitepaper Zero Trust

Airlock 2FA

The two-factor authentication (2FA, MFA or SCA for short) in the area of IT security offers double the security. In combination with efficient customer identity & access management (cIAM), numerous processes are significantly simplified. Find out more about strong authentication and the possibilities that Airlock offers in our whitepaper.

Request Whitepaper Airlock 2FA

From spoilsport to the pioneer of digitisation

Digitisation is presenting businesses with new challenges which go far beyond information technology. This primarily relates to an aspect which is becoming increasingly important: IT security. Learn how IT security is accelerating digitization.

Request Whitepaper IT Security

Accelerate digitisation

In order to stay technically viable in this digital transformation, companies must increasingly switch to hybrid cloud environments. This requires new security approaches as well as a mature customer identity and access management system. Learn more about this topic in our whitepaper in cooperation with our partners Deloitte, eperi und SHE.

Request Whitepaper Accelerate digitisation

Convincing performance: Gold for the Airlock API Gateway

Not only our customers, but also the independent information security community is convinced. The Airlock API Gateway Hub has been awarded Gold at the Cyber Security Excellence Awards 2022 in the API Security category. In total, Airlock solutions have won the gold award seven times.

Ready for excellent IT security?

Contact us now.
Ergon Informatik AG+41 44 268 87 00

Information for you

-Our whitepapers-

Visit us at it-sa!

From 8 to 10 October you can visit us at the it-sa, the largest IT security event in Europe. Learn the latest news about application security, API security, access management and cloud security. In our congress on 9 October you can learn in many further lectures how you should turn your IT security from a spoilsport to an accelerator of your digitization projects.

Register now and get a free ticket

Study Application and API Security 2022

In a recent study in cooperation with CIO, CSO and COMPUTERWOCHE, Ergon Airlock looked at application and API security in the container environment.

Request study

Zero Trust is a journey

The digital transformation of the world continues to progress, and it is profoundly affecting private life and job profiles in a manner that was hard to imagine just a few years ago.

This whitepaper covers the effects of continuous digitization and its implications.

Request free of charge

Toward DevSecOps

In this whitepaper, you will learn the most important insights into how you can successfully and efficiently implement DevSecOps, which security components are required for this, and what benefits a microgateway architecture brings.

Request free of charge

Airlock 2FA - Strong Authentication. Easy.

The two-factor authentication in the area of IT security offers double the security.

Find out more about strong authentication and the possibilities that Airlock offers in our whitepaper.

Request free of charge

Further whitepapers

We provide whitepapers on these and other topics free of charge:

  • successful IAM projects
  • Compliance
  • Data protection (GDPR)
  • Introduction of PSD2
  • PCI DSS requirements
Request free of charge