Best API Security Software in China

KrakenD is a high-performance API Gateway optimized for resource efficiency, capable of managing 70,000 requests per second on a single instance. The stateless architecture allows for straightforward, linear scalability, eliminating the need for complex coordination or database maintenance. It supports various protocols and API specifications, with features like fine-grained access controls, data transformation, and caching. Unique to KrakenD is its ability to aggregate multiple API responses into one, streamlining client-side operations. Security-wise, KrakenD aligns with OWASP standards and doesn't store data, making compliance simpler. It offers a declarative configuration and integrates with third-party logging and metrics tools. With transparent pricing and an open-source option, KrakenD is a comprehensive API Gateway solution for organizations prioritizing performance and scalability.

Tyk is a leading Open Source API Gateway and Management Platform, featuring an API gateway, analytics, developer portal and dashboard. We power billions of transactions for thousands of innovative organisations. By making our capabilities easily accessible to developers, we make it fast, simple and low-risk for big enterprises to manage their APIs, adopt microservices and adopt GraphQL. Whether self-managed, cloud or a hybrid, our unique architecture and capabilities enable large, complex, global organisations to quickly deliver highly secure, highly regulated API-first applications and products that span multiple clouds and geographies.

Start analyzing and protecting your APIs with passive, inline or API-based integration with any existing network component – API gateway, proxy, CDN or ingress controller. Predefined policies, fine-tuned using threat patterns observed in protecting billions of API transactions per day delivers unmatched, out-of-the-box protection. A rich user interface and an open, API-based architecture enables integration with threat intelligence feeds, CI/CD framework tools, other security components, and SIEM/SOAR/XDR solutions. Patented ML-based analysis eliminates JavaScript and SDK integration pen-alties such as extended development cycles, slow page loads and forced mobile-app upgrades. ML-based analysis generates a unique Behavioral Fingerprint to determine malicious intent and continually tracks attackers as they retool.

Authress, Complete Auth API for B2B. Authentication & Authorization gets complicated quickly, even if it appears easy, there is a lot of hidden complexity in authorization, you don’t want to do it on your own. It takes time to get authorization right In simple cases, it takes an average software team 840 hours to implement authorization logic. As you add features to your application, this number grows rapidly. Without expertise, you leave your door wide open to malicious attacks. You risk compromising your user data, non-compliance with local regulations, and massive business losses. * Secure authorization API--Instead of building your own authorization logic, call our API * Granular permissions--Define multiple levels of access and group them by user roles. As granular as you want * Identity Provider integrations--Plug in any of your preferred ID providers with a simple API call. * SSO and full user management

Gravitee.io is the easiest to use, most performant and cost-effective Open Source API Platform that helps your organization to secure, publish and analyze your APIs. Use the power of Gravitee.io to manage identities with our OAuth2, OpenID Connect (OIDC) and Financial-grade API (FAPI) certified server. Gravitee.io APIM is a flexible, lightweight and blazing-fast open source API Management solution that helps your organization control finely who, when and how users access your APIs. With strong governance features such as API review and API quality and our market leading API designer, Gravitee.io enables you to design, manage, deploy and monitor your APIs in a secure and governed way. A branded Gravitee.io portal enables your API consumers to fully engage with your business - delivering high quality engagement for your business in the digital age.

Pynt is an innovative API Security Testing platform exposing verified API threats through simulated attacks. We help hundreds of companies such as Telefonica, Sage, Halodoc, and more, to continuously monitor, classify and attack poorly secured APIs, before hackers do. Pynt's leverages an integrated shift-left approach, and unique hack technology using home-grown attack scenarios, to detect real threats, discover APIs, suggest fixes to verified vulnerabilities, thereby eliminating the API attack surface risk. Thousands of companies rely on Pynt to secure the no. 1 attack surface - APIs, as part of their AppSec strategy.

automatic web application & API security using machine learning open-appsec is an open-source initiative that builds on machine learning to provide pre-emptive web app & API threat protection against OWASP-Top-10 and zero-day attacks. It can be deployed as add-on to Kubernetes Ingress, NGINX, Envoy and API Gateways. open-oppsec simplifies maintenance as there is no threat signature upkeep and exception handling, like common in many WAF solutions.