
Authentication

Firstly, BREAGEN employs a managed identity mechanism to authenticate clients accessing its SDK API. This involves the issuance of managed API keys by BREAGEN's identity management system. These API keys serve as unique identifiers for each client, enabling them to authenticate themselves securely with BREAGEN's infrastructure.

Once authenticated, clients utilize their API keys to generate JSON Web Tokens (JWT). These JWT tokens act as bearer tokens, providing proof of authentication during API requests. The JWT tokens contain encoded information, including the client's identity and any associated permissions or roles granted by BREAGEN's authorization system.

API Keys

Authorization within BREAGEN's SDK API is handled through the JWT tokens. Each token carries authorization details, specifying the client's access rights to various resources within the internal systems. These permissions are meticulously configured and managed by BREAGEN's access control mechanisms, ensuring that clients only have access to the resources they are explicitly authorized to use.

Additionally, BREAGEN's SDK API incorporates rate-limiting functionalities within the JWT tokens. This means that each token contains information regarding the allowable rate of API requests for the respective client. By enforcing rate limits at the token level, BREAGEN maintains control over resource utilization, preventing abuse or overloading of the internal systems.
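Because permissions and rate limits travel inside the token, their integrity rests on the token's signature. The following is an added example, not BREAGEN's code: it shows that the payload is readable without any key, and that an edited claim fails verification. It assumes HS256 signing and hypothetical claim names (`sub`, `roles`, `rate_per_min`); the key and token are constructed samples.

```python
import base64, hashlib, hmac, json, time

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims, key):
    """Issue an HS256 token (assumed algorithm; used here for constructed samples)."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(mac)}"

def read_claims(token):
    """Decode the payload with no key at all: claims are encoded, not encrypted."""
    return json.loads(b64url_decode(token.split(".")[1]))

def with_claims(token, **changes):
    """Rebuild the token with edited claims but the original signature."""
    head, _, sig = token.split(".")
    body = b64url(json.dumps({**read_claims(token), **changes}).encode())
    return f"{head}.{body}.{sig}"

def verify(token, key, now=None):
    """Return the claims only if algorithm, signature and expiry all check out."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None  # refuse "none" and any unexpected algorithm
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None  # payload or signature was altered
        claims = json.loads(b64url_decode(body))
        if claims.get("exp", 0) <= (time.time() if now is None else now):
            return None  # expired, or no expiry claim present
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: fail closed
    return claims

# Constructed sample: hypothetical claim names, not BREAGEN's token layout
KEY = b"constructed-demo-key"
TOKEN = sign({"sub": "client-42", "roles": ["screening:read"],
              "rate_per_min": 200, "exp": 2000}, KEY)
```

Since the claims can be read by anyone who holds the token, treat the token itself as a credential and keep it out of logs and URLs.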

In summary, BREAGEN's authentication and authorization process for its SDK API revolves around a managed identity system, where clients are issued managed API keys for authentication. These keys are then used to generate JWT tokens, which carry authorization details and rate limits for each client. By implementing these security measures, BREAGEN ensures that its SDK API remains secure, compliant, and accessible to authorized clients while safeguarding the integrity and performance of its internal systems.

Parameters

| Parameter | Description |
| --- | --- |
| API_KEY | API key provided by the service |
| SECRET | Secret key provided by the service |
| Auth Tokens | Authentication tokens required for accessing the API |

Example Request CURL

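!!! Note

The API key and API secret will be provided offline by the BREAGEN team. The keys are not intended to be shared with other clients, and they are locked to a network source and to rate limits.

```bash
#!/bin/bash

# Endpoint for authentication.
# Single quotes keep the shell from expanding the "$$" placeholder to its process ID.
AUTH_URL='https://usermanagment-gen-$$.datafab.ai/authenticate'

# Your API key and secret
API_KEY="your_api_key"
SECRET="your_secret_key"

# Forming the authentication request with API key and secret.
# The values are sent as form fields in the POST body; --data-urlencode
# escapes any special characters they contain.
curl -X POST "$AUTH_URL" \
     --data-urlencode "api_key=$API_KEY" \
     --data-urlencode "secret=$SECRET"
```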

Example Request Python 3.x

```python
import requests

def authenticate(api_key, secret):
    # Endpoint for authentication ("$$" is the placeholder used in this documentation)
    auth_url = "https://usermanagment-gen-$$.datafab.ai/authenticate"

    # Parameters for authentication request
    params = {
        "api_key": api_key,
        "secret": secret
    }

    try:
        # Sending authentication request as form fields in the POST body,
        # matching the curl example; this keeps the credentials out of the URL
        response = requests.post(auth_url, data=params, timeout=10)

        # Checking if request was successful
        if response.status_code == 200:
            # Extracting JWT token from response
            jwt_token = response.json()['token']
            return jwt_token
        else:
            # Handling authentication failure
            print("Authentication failed. Status code:", response.status_code)
            return None
    except (requests.RequestException, ValueError, KeyError) as e:
        # Handling network errors, non-JSON responses and a missing "token" field
        print("Error during authentication:", e)
        return None

# Example usage
api_key = "your_api_key"
secret = "your_secret_key"

# Authenticating and obtaining JWT token
jwt_token = authenticate(api_key, secret)

if jwt_token:
    # Confirm success without printing the bearer token itself
    print("JWT token obtained")
    # Now you can use this JWT token for making authenticated API requests
```

Rate Limits

Rate limiters are crucial tools for managing the flow of requests in any system. In BREAGEN's SDK API, they intelligently control the rate of requests to optimize infrastructure resources. By setting limits based on factors like request type and client identity, rate limiters ensure fair resource allocation and prevent overload situations. They adapt dynamically to real-time traffic conditions, maintaining consistent performance levels and enhancing system security. Overall, rate limiters play a vital role in maximizing efficiency, reliability, and cost-effectiveness for BREAGEN's SDK API users.

| API Category | Rate Limit (per minute) | Rate Limit (per hour) | Rate Limit (per day) |
| --- | --- | --- | --- |
| User Management APIs | 100 | 6000 | 144000 |
| Screening APIs | 200 | 83000 | 2000000 |
| Watchlist APIs | 150 | 9000 | 216000 |
| Configuration APIs for Matchers | 120 | 300 | 300 |
| Configuration APIs for Request Responses | 180 | 300 | 300 |
| History APIs | 250 | 15000 | 360000 |
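A client can avoid rejected requests by pacing itself against all three windows at once. The sliding-window limiter below is an added example, not part of the BREAGEN SDK; the limits come from the table above, while the class name and category keys are hypothetical. It makes visible that for the Configuration APIs the cap of 300 per hour and per day is reached long before the per-minute limit matters.

```python
import bisect
from collections import defaultdict

# (per minute, per hour, per day) limits copied from the table above;
# the dictionary keys are hypothetical short names for the API categories.
LIMITS = {
    "user_management": (100, 6000, 144000),
    "screening": (200, 83000, 2000000),
    "watchlist": (150, 9000, 216000),
    "config_matchers": (120, 300, 300),
    "config_request_responses": (180, 300, 300),
    "history": (250, 15000, 360000),
}
WINDOWS = (60, 3600, 86400)  # window lengths in seconds

class ClientRateLimiter:
    """Sliding-window limiter that enforces all three windows at once."""

    def __init__(self, limits=LIMITS):
        self.limits = limits
        self.sent = defaultdict(list)  # category -> ascending send timestamps

    def retry_after(self, category, now):
        """Seconds until the next request is allowed (0.0 means send now)."""
        stamps = self.sent[category]
        # Forget requests older than the longest window.
        del stamps[:bisect.bisect_right(stamps, now - WINDOWS[-1])]
        wait = 0.0
        for limit, window in zip(self.limits[category], WINDOWS):
            in_window = len(stamps) - bisect.bisect_right(stamps, now - window)
            if in_window >= limit:
                # A slot frees up when the limit-th newest request ages out.
                wait = max(wait, stamps[-limit] + window - now)
        return wait

    def try_send(self, category, now):
        """Record a request at time `now` (non-decreasing) if every window has room."""
        if self.retry_after(category, now) > 0:
            return False
        self.sent[category].append(now)
        return True
```

Pass `time.monotonic()` as `now` in real use; the explicit parameter keeps the limiter testable with simulated clocks.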

Network Restrictions

API key network restrictions offer an additional layer of security to BREAGEN's system by allowing access only from specific IP addresses or IP ranges that are pre-approved. This feature ensures that access to the system is restricted to authorized users or entities, enhancing the overall security posture of the platform.

By configuring network restrictions for API keys, BREAGEN clients can define a whitelist of trusted IP addresses or IP ranges from which API requests are allowed. Any request originating from an IP address not included in the whitelist will be denied access, thereby mitigating the risk of unauthorized access attempts and potential security breaches.
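The allowlist decision described above can be sketched as follows. This is an added example, not BREAGEN's implementation: the key identifiers, ranges (documentation address blocks) and function names are constructed for illustration. It fails closed on unknown keys and unparseable input, and unwraps IPv4-mapped IPv6 addresses so they are matched against IPv4 rules.

```python
import ipaddress

# Constructed sample data: per-key allowlists using documentation ranges
ALLOWLISTS = {
    "key-demo-1": ["203.0.113.0/24", "198.51.100.7"],
    "key-demo-2": ["2001:db8:10::/48"],
}

def compile_allowlist(entries):
    """Parse addresses and CIDR ranges; a bare address becomes a /32 or /128.

    strict=True rejects entries with host bits set (e.g. 203.0.113.5/24),
    so a mistyped range is refused instead of silently widened.
    """
    return [ipaddress.ip_network(entry, strict=True) for entry in entries]

def normalise(source):
    """Parse the peer address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(source.strip())
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr

def is_allowed(key_id, source, allowlists=ALLOWLISTS):
    """True only if `source` falls inside a range registered for `key_id`.

    `source` should be the address of the TCP peer as seen by the server,
    not a value taken from a client-supplied header.
    """
    entries = allowlists.get(key_id)
    if not entries:
        return False  # unknown key or empty allowlist: deny
    try:
        addr = normalise(source)
        networks = compile_allowlist(entries)
    except ValueError:
        return False  # unparseable address or range: deny
    return any(addr.version == net.version and addr in net for net in networks)
```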

Moreover, BREAGEN's system provides secure communication channels through S2S (Site-to-Site) IPsec-based private connections or point-to-site encrypted network connections. These connections are designed to transmit sensitive data securely over the network, safeguarding it from interception or unauthorized access during transit.

S2S IPsec-based private connections establish secure tunnels between different network endpoints, such as between on-premises data centers and cloud environments. These tunnels encrypt data packets before transmission, ensuring confidentiality and integrity while traversing potentially untrusted networks.

On the other hand, point-to-site encrypted network connections provide secure access for individual devices or users connecting to the BREAGEN system over the internet. These connections typically involve the use of VPN (Virtual Private Network) technology, where client devices establish encrypted tunnels to the BREAGEN network, ensuring secure communication and data exchange.

By offering both S2S IPsec-based private connections and point-to-site encrypted network connections, BREAGEN enables clients to transmit sensitive data securely while adhering to compliance requirements and maintaining the confidentiality of their information assets. These robust security measures, combined with API key network restrictions, form a comprehensive security framework that protects BREAGEN's system and its users from potential threats and vulnerabilities.

