Kusk blog

Kusk + Cloudentity: Fine-Grained API Authorization

Oct 14, 2022
5 min
Abdallah Abedraba
Product Leader

Kusk has partnered with Cloudentity, an Authorization as a Service platform, to enable users to create powerful authorization rules while still using OpenAPI at the core of their API workflows!

Kusk + Cloudentity: Fine-Grained API Authorization
Share on Twitter
Share on LinkedIn
Share on Reddit
Share on HackerNews
Copy URL

Table of Contents

Get started today

The Kusk team is glad to announce it has partnered with [Cloudentity](https://cloudentity.com/), an authorization-as-a-service platform, to enable users to leverage Cloudentity's robust centralized policy management and distributed Authorizer frameworks in combination with [Kusk's](https://kusk.io) OpenAPI extensions.

Security and infrastructure teams at organizations across the world rely on Cloudentity to keep their applications safe and secure. We're excited to join their team of trusted partners like Okta, Amazon Web Services (AWS), Azure, Google, and Axway.

This is part of our main effort in helping companies create better and more resilient APIs.

## OpenAPI for Open Standards

Cloudentity embraces open standards and open-source in its journey to enable developers to implement scalable security from day one. Cloudentity users achieve security compliance faster and with less effort in ecosystems like Open Banking, which heavily rely on standards like OpenAPI.

Kusk allows users to extend their OpenAPI definitions to include API gateway configuration rules so developers can have less complexity in their path to production. The configuration of the API gateway by use of OpenAPI enables developers to include features like response mocking and request body validation, among many others, out-of-the-box from day one.

## Control the Authorization of APIs

Kusk allows users to create their own authorization logic with [Custom Auth Upstreams](https://docs.kusk.io/guides/authentication/custom-auth-upstream). But dealing with authorization rules is complicated and doesn’t easily scale. 

With Cloudentity added as an authorizer to Kusk Gateway, API requests are now protected with rules that developers can create using Cloudentity’s [Visual Policy Editor](https://cloudentity.com/developers/howtos/access_policies/creating-cloudentity-policies-using-visual-editor/) or [REGO policies](https://cloudentity.com/developers/howtos/access_policies/protecting-apps-using-open-policy-agent/) built on Open Policy Agent. These rules are then orchestrated in Cloudentity allowing developers to tailor the authorization of their APIs easily and scale it at the same time their API grows.

This is a great step for developers that use Kusk Gateway with their APIs, enabling more out-the-box working API self-service solutions, while still maintaining flexibility and control over the gateway in their Kubernetes clusters. 

## How does this integration work?

To use Cloudentity as the authorizer of your API requests with Kusk Gateway, you need to add the `auth` extension to your OpenAPI spec:

Kusk then configures the gateway to use a Cloudentity Authorizer that will filter requests using Cloudentity’s powerful and highly customizable authorization rules. 

You can see the full instructions on how to use Cloudentity with Kusk in our [guides](https://docs.kusk.io/guides/authentication/cloudentity).

## Try it out now.

We are very excited to add more integrations that enable our users to build great APIs. Check  on how to use Cloudentity with Kusk in our [guides](https://docs.kusk.io/guides/authentication/cloudentity). If you have any issues or questions about Kusk Gateway with Cloudentity, reach out to the team on the [Discord channel](https://discord.gg/6zupCZFQbe) or open an issue in the GitHub [repository](http://github.com/kubeshop/kusk-gateway)).

Related Content