La sicurezza delle API prevede il controllo dell'accesso alle API, la protezione da contenuti di messaggi dannosi, l'accesso e il mascheramento di dati sensibili criptati in fase di runtime, la protezione dei servizi di backend dall'accesso diretto e altre importanti misure di salvaguardia.
Archivia i dati che non devono essere codificati nella logica del proxy API per il recupero in fase di runtime, ad esempio
credenziali, chiavi private o token.
[[["Facile da capire","easyToUnderstand","thumb-up"],["Il problema è stato risolto","solvedMyProblem","thumb-up"],["Altra","otherUp","thumb-up"]],[["Difficile da capire","hardToUnderstand","thumb-down"],["Informazioni o codice di esempio errati","incorrectInformationOrSampleCode","thumb-down"],["Mancano le informazioni o gli esempi di cui ho bisogno","missingTheInformationSamplesINeed","thumb-down"],["Problema di traduzione","translationIssue","thumb-down"],["Altra","otherDown","thumb-down"]],["Ultimo aggiornamento 2025-09-05 UTC."],[[["\u003cp\u003eThis documentation covers security aspects for both Apigee and Apigee hybrid platforms.\u003c/p\u003e\n"],["\u003cp\u003eApigee API security encompasses access control, protection against harmful content, sensitive data handling, and backend service security.\u003c/p\u003e\n"],["\u003cp\u003eThe documentation offers guides on various security methods, including OAuth, SAML, data masking, last-mile security, API keys, and content-based security.\u003c/p\u003e\n"],["\u003cp\u003eLearn how to use Key Value Maps and property sets to dynamically store sensitive information, such as credentials or tokens, for API proxy runtime retrieval.\u003c/p\u003e\n"]]],[],null,["# Securing a proxy\n\n*This page\napplies to **Apigee** and **Apigee hybrid**.*\n\n\n*View [Apigee Edge](https://docs.apigee.com/api-platform/get-started/what-apigee-edge) documentation.*\n\nAPI security involves controlling access to your APIs, guarding against malicious message\ncontent, accessing and masking sensitive encrypted data at runtime, protecting your backend\nservices against direct access, and other important safeguards.\n\n### [OAuth\nhome](/apigee/docs/api-platform/security/oauth/oauth-home)\n\nGet links to introductory topics, examples, and how-to topics.\n\n### [Using SAML policies](/apigee/docs/api-platform/security/saml)\n\nGet an overview of Apigee's support for SAML, along with a pointer to the policy you'll\nneed.\n\n### [Data-masking and hiding](/apigee/docs/api-platform/security/data-masking)\n\nLearn how to mask sensitive data such as credit card numbers or health information.\n\n### [Last-mile security](/apigee/docs/api-platform/security/last-mile-security)\n\nLearn how to protect yourself against threats to your backend resources.\n\n### [API keys](/apigee/docs/api-platform/security/api-keys)\n\nGet an introduction to the working of API keys, the simplest form of app-based security.\n\n### [Content-based security](/apigee/docs/api-platform/security/content-based-security)\n\nLearn about the Apigee policies you can use to protect your APIs against content-carried\nthreats.\n\n### [Key\nValue Maps](/apigee/docs/api-platform/cache/key-value-maps) and [property sets](/apigee/docs/api-platform/cache/property-sets)\n\nStore data that shouldn't be hard-coded in your API proxy logic for retrieval at runtime, such\nas credentials, private keys, or tokens"]]
