Turn public-facing API workloads into decentralized API gateways with verified identity trust connections that prevent API attacks
API security surveys report that 80% of API attacks occur on public-facing APIs.
Hopr Connect Gateway blocks all untrusted external connections, including those attempting to use compromised API keys.
More than 90% of API attacks on financial and insurance API endpoints reported in a recent survey were authenticated. API keys are frequently stolen and used by threat actors to exploit APIs.
“The Kerberos security pattern is well-proven. What Hopr has developed is a novel implementation of Kerberos that will enhance the protection of cloud workloads.”
Senior Director, Global Technology Analyst
Secure East-West and North-South traffic with a zero trust
automated moving-target defense
An external client is registered with Hopr and has its own Hopr Connect Gateway configuration. When an API call to your server API endpoint is needed, the client connects with Hopr first to establish identity and trust with Hopr.
Hopr decrypts the client message and learns the API server identity. Hopr uses CHIPS™ to generate a unique session key for the client and API server, and holds these until the server API is contacted.
Hopr uses Hopr Connect to message the API server with the client ID. The API server confirms client ID authorization. Hopr passes the API session key to the API server.
API Server notifies Hopr of authorization of client. And Hopr, as trust guarantor of the connection, returns the API session key to the client.
The client and API server use the API session key provided by Hopr to establish their end-to-end encrypted communication channel. All keys vanish when the session closes.
Yes. Hopr Connect Gateway establishes trust of workloads at your partner organizations with Hopr K4C sidecars at each endpoint (client and server). Your partner organization's client endpoint is protected by its sidecar.
Yes. The "Kerberos for the cloud" protocol assures that connections to your APIs from outside parties are high trust with Hopr validating that trust before the connection occurs.
Yes. API keys are static, easily stolen, and difficult to replace. Bulk resets on a suspected breach are expensive and penalize users. Hopr ensures that stolen API keys are ineffective and only legitimate trusted workloads can use their API key.
Hopr Connect Gateway can be used with a variety of popular cloud container systems and even virtual machines. Contact us to learn about solutions for specific architectures.