Hopr Connect Gateway

Turn public-facing API workloads into decentralized API gateways with verified identity trust connections that prevent API attacks

Animated GIF of Hopr Connect Gateway AMTD

API security surveys report that 80% of API attacks occur on public-facing APIs.
Hopr Connect Gateway blocks all untrusted external connections, including those attempting to use compromised API keys.

A Decentralized API Gateway

Graphic image of connecting two application networks

More than 90% of API attacks on financial and insurance API endpoints reported in a recent survey were authenticated. API keys are frequently stolen and used by threat actors to exploit APIs.

“The Kerberos security pattern is well-proven. What Hopr has developed is a novel implementation of Kerberos that will enhance the protection of cloud workloads.”

Senior Director, Global Technology Analyst

Hopr Connect API Gateway

Secure East-West and North-South traffic with a zero trust
automated moving-target defense

graphic icon of Hopr Connect Gateway for APIs
Kerberos is a well-proven security design pattern
Decentralized API gateways
K4C Workload Security Proxies (WoSPs) turn public-facing workloads into decentralized API gateways capable of routing data to other internal workloads.
Prevent attacks using stolen API keys
Hopr Connect Gateway recognizes untrusted connection attempts with stolen API keys and blocks attacks that arrive at an API endpoint from any path.
Guranteed trust at every connection
Hopr is the trust guarantor in a Kerberos for the Cloud (K4C) protocol to verify trust in workloads from two organizations before enabling their connection.
External organizations register with Hopr
Partners and suppliers needing access to your organization’s public APIs register with Hopr, and obtain and configure their own Hopr Connectors.
Graphic icon of two connected containerized workloads

Try Our Tech

We offer a FREE plan so that you can use Hopr Connect to evaluate it for your use case with no time limit. Deploy Hopr WoSPs with your containerized apps and perform up to 5,000 communication sessions per month at no charge.

Onboarding is self-serve and WoSP config and deployment is a simple DevOps process.

Prevent attacks on public APIs

Hopr Connect Gateway performs the Kerberos protocol with Hopr independently verifying the identity and trust of an external third party client at the time they initiate a connection with your public API endpoint.  Hopr Connect Gateway operates with a “K4C” WoSP at the client and server workload endpoints. They enable the high-trust, ultra-secure workload connections between  organizations and communicate data internally within their respective organizational networks via standard Hopr Connect protocols.
graphic icon of Hopr Connect Gateway for APIs
Client organization connects with Hopr

An external client is registered with Hopr and has its own Hopr Connect Gateway configuration. When an API call to your server API endpoint is needed, the client connects with Hopr first to establish identity and trust with Hopr.

Abstract graphic icon of a workload   connected to Hopr algorithm
Hopr generates an API session key

Hopr decrypts the client message and learns the API server identity. Hopr uses CHIPS™ to generate a unique session key for the client and API server, and holds these until the server API is contacted.

graphic icon of Hopr Connect Gateway for APIs
Hopr connects to the API endpoint

Hopr uses Hopr Connect to message the API server with the client ID. The API server confirms client ID authorization. Hopr passes the API session key to the API server.

graphic icon of Hopr Connect Gateway for APIs
API server authorizes client connection

API Server notifies Hopr of authorization of client. And Hopr, as trust guarantor of the connection, returns the API session key to the client.

graphic icon of Hopr Connect Gateway for APIs
Client and API server connect

The client and API server use the API session key provided by Hopr to establish their end-to-end encrypted communication channel. All keys vanish when the session closes.

Hopr Connect Gateway FAQ

Do my suppliers and external partners need to register with Hopr?

Yes. Hopr Connect Gateway establishes trust of workloads at your partner organizations with Hopr K4C WoSPs at each endpoint (client and server). Your partner organization's client endpoint is protected by its WoSP.

Does Hopr Connect Gateway assure a trusted workload identity?

Yes. The "Kerberos for the cloud" protocol assures that connections to your APIs from outside parties are high trust with Hopr validating that trust before the connection occurs.

Does Hopr Connect Gateway prevent misuse of stolen API keys?

Yes. API keys are static, easily stolen, and difficult to replace. Bulk resets on a suspected breach are expensive and penalize users. Hopr ensures that stolen API keys are ineffective and only legitimate trusted workloads can use their API key.

What if the third party organizations don’t use Kubernetes?

Hopr Connect Gateway can be used with a variety of popular cloud container systems and even virtual machines. Contact us to learn about solutions for specific architectures.

Don't see your question above?
Schedule a FREE discovery call.
icon of a smart phone

Discover How AMTD is a Winning Defense

Schedule a 15-minute discovery call with one of our experts to discuss your use case and learn how Hopr's automated moving-target defense can prevent cyber attacks on your business.
Schedule a Call
Gartner, Emerging Tech: Security — The Future of Cyber Is Automated Moving Target Defense, Lawrence Pingree, Carl Manion, et al.., 28 February 2023. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.