Secure API calls
Heavy-Weight Security for Mobile Apps
Securing API calls for mobile applications is our main event.
While features such as single sign-on, proximity login, and session sharing across devices make mobile communication easier, they also place high demands on API security and endpoint integrity.
The CA Mobile API Gateway extends the heavyweight data-protection capabilities of the CA API Gateway to the mobile space. The Gateway’s integrated policy manager provides a central point for establishing a robust PKI infrastructure as well as managing API access and configuring security features.
Key security features include:
- Mutual TLS (two-way SSL) authentication to establish client-server trust.
- Certificate pinning, validation, and configuration
- FIPS 140-2 certification
- Geolocation Access control
- A PKI-based infrastructure to manage public-key encryption.
- SAML token credential support for federated identity authentication.
- Integration with CA Advanced Authentication to evaluate incoming request risks and trigger post-evaluation workflows.
- KNOX 2.0 support featuring TIMA keystore protection for Samsung devices
- OAuth 2.0 and OpenID Connect authorization and authentication framework