Checks whether API security authentication in API Gateway is set to Alibaba Cloud APP or uses a specified plugin type.
Scenarios
Configure an appropriate API security authentication method in API Gateway to reduce business security risks.
Risk level
Default risk level: Medium.
When you use this rule, you can change the risk level as required.
Detection logic
-
An API is considered compliant if its security authentication in API Gateway is set to Alibaba Cloud APP or uses a specified plugin type.
-
An API is considered non-compliant if its security authentication in API Gateway is not set to Alibaba Cloud APP and does not use a specified plugin type.
Rule details
|
Parameter |
Description |
|
Rule name |
Configure API security authentication in API Gateway |
|
Rule identifier |
api-gateway-api-auth-required |
|
Tags |
API, ApiGateway |
|
Automatic remediation |
Not supported |
|
Rule trigger mechanism |
Periodic execution |
|
Trigger frequency |
24 hours |
|
Supported resource types |
API resources |
|
Input parameters |
|