Message content is a significant attack vector used by malicious API consumers. API Services
provides a set of Policy types to mitigate the potential for your backend services to be
compromised by attackers or by malformed request payloads.
The following video provides an overview and focuses on protecting against SQL injection
attacks.
JSON threat protection
JSON attacks attempt to use structures that overwhelm JSON parsers to crash a service and
induce application-level denial-of-service attacks.
Such attacks can be mitigated using the JSONThreatProtection Policy type.
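The kind of structural limits such a policy applies, sketched as an added Python example (not Apigee's implementation and not code from this page). The limit names and values are assumptions, and nesting depth is checked on the raw text so that a deeply nested payload is rejected before it reaches the parser.

```python
import json

# Assumed limits for illustration; names and values are constructed,
# not taken from any Apigee policy definition.
LIMITS = {"container_depth": 10, "array_elements": 20, "object_entries": 15,
          "entry_name_length": 50, "string_value_length": 500}

def max_depth_raw(text):
    """Scan raw text for nesting depth without parsing, so a deeply
    nested payload cannot exhaust the parser's stack first."""
    depth = deepest = 0
    in_string = escaped = False
    for ch in text:
        if in_string:                       # brackets inside strings do not nest
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch in "]}":
            depth -= 1
    return deepest

def check_json(text, limits=LIMITS):
    """Return the sorted names of violated limits; empty means accept."""
    if max_depth_raw(text) > limits["container_depth"]:
        return ["container_depth"]          # reject before parsing
    violations = set()
    stack = [json.loads(text)]              # iterative walk, no recursion
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            if len(node) > limits["object_entries"]:
                violations.add("object_entries")
            if any(len(k) > limits["entry_name_length"] for k in node):
                violations.add("entry_name_length")
            stack.extend(node.values())
        elif isinstance(node, list):
            if len(node) > limits["array_elements"]:
                violations.add("array_elements")
            stack.extend(node)
        elif isinstance(node, str) and len(node) > limits["string_value_length"]:
            violations.add("string_value_length")
    return sorted(violations)
```

`json.loads` raises `ValueError` on malformed input, which a caller should treat as a rejection as well.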
Some content-based attacks use specific constructs in HTTP headers, query parameters, or
payload content to attempt to execute code. An example is SQL-injection attacks. Such attacks can
be mitigated using the RegularExpressionProtection Policy type.
Last updated 2025-03-10 UTC.