US 11,853,463 B1
Leveraging standard protocols to interface unmodified applications and services
Timothy L. Hinrichs, Los Altos, CA (US); and Teemu Koponen, San Francisco, CA (US)
Assigned to STYRA, INC., Redwood City, CA (US)
Filed by Styra, Inc., Redwood City, CA (US)
Filed on Mar. 5, 2019, as Appl. No. 16/293,513.
Claims priority of provisional application 62/721,997, filed on Aug. 23, 2018.
Int. Cl. G06F 21/62 (2013.01); H04L 9/40 (2022.01); H04L 67/561 (2022.01)
CPC G06F 21/629 (2013.01) [H04L 63/0807 (2013.01); H04L 63/10 (2013.01); H04L 67/561 (2022.05); H04L 2463/082 (2013.01)]
14 Claims
1. A method for enforcing policies for authorizing API (Application Programming Interface) calls to an application, the method comprising:
at an authorization first module for authorizing API calls:
receiving, from the application, a request to authenticate a client sending an API call to the application;
using an authentication second module to authenticate the client based on a first set of parameters associated with the request;
using a second set of parameters associated with the request to evaluate a set of one or more policies that are specified to control API calls to the application;
based on the evaluated policies, defining a third set of parameters to perform an RBAC (role-based access control) operation by the application, the third set of parameters including at least one parameter not in the first and second sets of parameters; and
sending, to the application, the defined third set of parameters for the application to use to perform the RBAC operation to determine whether the application should perform an operation requested by the API call.
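
The flow recited in claim 1, sketched as an added illustration that is not taken from the patent or from any Styra code. It assumes the first parameter set is a user/token pair, the second is the call's source network, and the third is a list of groups consumed by the application's own RBAC table; all names and sample values are hypothetical.

```python
import hmac

# Constructed sample data; every name and value below is hypothetical.
TOKENS = {"alice": "tok-a1", "bob": "tok-b2"}   # authentication module's credential store
ONCALL = {"alice"}                              # data consulted by the policy
ROLE_BINDINGS = {                               # the application's own RBAC table
    "viewer": {("GET", "/orders")},
    "operator": {("GET", "/orders"), ("DELETE", "/orders")},
}

def authenticate(first):
    """Authentication (second) module: looks only at the first parameter set."""
    expected = TOKENS.get(first["user"])
    ok = expected is not None and hmac.compare_digest(expected, first["token"])
    return first["user"] if ok else None

def evaluate_policies(user, second):
    """Policies over the second parameter set decide which groups to hand back."""
    groups = {"viewer"}
    if user in ONCALL and second["source_net"] == "corp":
        groups.add("operator")
    return groups

def authorization_module(request):
    """Authorization (first) module: answers an authentication request."""
    user = authenticate(request["first"])
    if user is None:
        return {"authenticated": False, "groups": []}   # fail closed
    groups = evaluate_policies(user, request["second"])
    # "groups" is in neither input set: it is the derived third parameter set.
    return {"authenticated": True, "user": user, "groups": sorted(groups)}

def application_handle(api_call):
    """Application side: requests authentication, then runs its usual RBAC check."""
    third = authorization_module({
        "first": {"user": api_call["user"], "token": api_call["token"]},
        "second": {"source_net": api_call["source_net"]},
    })
    if not third["authenticated"]:
        return 401
    wanted = (api_call["method"], api_call["path"])
    allowed = any(wanted in ROLE_BINDINGS.get(g, set()) for g in third["groups"])
    return 200 if allowed else 403
```

The application never evaluates the policy itself: a policy decision reaches it only as group membership in the authentication response, which its existing RBAC check then enforces.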