Illegal Access Prevention (IAP)

Owned by Troels Nielsen
Last updated: Dec 15, 2017 by Nick JensenVersion comment
1 min read


Block and report on undesirable API access attempts

Illegal Access Prevention (IAP) is a collection of monitoring tools used to detect, report and block undesirable API access attempts. IAP tools can be enabled and customized per application, with warning and error thresholds that meet the requirements of the individual application.

When enabled for an application, the API will monitor unusual behavior, where "unusual" depends on the client and expected access patterns - requests for non-existent data, failed attempts to create entities, badly formatted request body etc. When discrepancies are detected above the level of the specified warning threshold, notifications are sent to interested parties. When error thresholds are reached, further API requests may be rejected for a given period of time.

Illegal API requests received during the cooldown period will fail with HttpStatusCode 403, including an extra response header ApiStatusSubCode: 403.30.