Project Description

API Firewall is a high-performance proxy with API request and response validation based on OpenAPI and GraphQL schemas. It is designed to protect REST and GraphQL API endpoints in cloud-native environments. API Firewall provides API hardening with the use of a positive security model allowing calls that match a predefined API specification for requests and responses, while rejecting everything else.

The key features of API Firewall are:

  • Secure REST and GraphQL API endpoints by blocking malicious requests
  • Stop API data breaches by blocking malformed API responses
  • Discover Shadow API endpoints
  • Validate JWT access tokens for OAuth 2.0 protocol-based authentication
  • Denylist compromised API tokens, keys, and Cookies

The product is open source, available at DockerHub and already got 1 billion (!!!) pulls. To support this project, you can star the repository.


Download source code as [.zip file] [.tar.gz file]
Documentation: [README]