Secure API calls
Heavy-Weight Security for Mobile Apps
Securing API calls for mobile applications is our main event.
While features such as single sign-on, proximity login, and session sharing across devices make mobile communication easier, they also place high demands on API security and endpoint integrity.
The Mobile API Gateway extends the heavyweight data-protection capabilities of the CA API Gateway to the mobile space. The Gateway’s integrated policy manager provides a central point for establishing a robust PKI infrastructure as well as managing API access and configuring security features.
Key security features include:
- Mutual TLS (two-way SSL) authentication to establish client-server trust.
- Certificate pinning, validation, and configuration
- FIPS 140-2 certification
- Geolocation Access control
- A PKI-based infrastructure to manage public-key encryption.
- SAML token credential support for federated identity authentication.
- Integration with CA Advanced Authentication to evaluate incoming request risks and trigger post-evaluation workflows.
- KNOX 2.0 support featuring TIMA keystore protection for Samsung devices
- OAuth 2.0 and OpenID Connect authorization and authentication framework