APIM-Encrypt payload data

SIMANCHALA MISHRA 40 Reputation points
2023-08-28T03:43:26.2166667+00:00

Hi Team,

We are part of a banking project and handle highly critical payload data.

When there is a request and response from the Transfer API, we want to encrypt the account data in Azure APIM.

Is there a way to do the encryption in Azure APIM to protect the payload data?

Please provide your inputs on this.

Regards,

Simanchala Mishra


Accepted answer
  1. navba-MSFT 27,540 Reputation points Microsoft Employee Moderator
    2023-08-28T04:30:49.59+00:00

    @SIMANCHALA MISHRA Welcome to Microsoft Q&A Forum. Thank you for posting your query here!

    I understand that you are checking for a way to encrypt account data in Azure APIM to protect the payload data for a banking project.

    From the Security standpoint, Azure API Management supports multiple versions of Transport Layer Security (TLS) protocol to secure API traffic for:

    • Client side
    • Backend side

    API Management also supports multiple cipher suites used by the API gateway.

    By default, API Management enables TLS 1.2 for client and backend connectivity and several supported cipher suites. This guide shows you how to manage protocols and ciphers configuration for an Azure API Management instance.

    APIM also abides by the Azure Data Encryption at rest.

    To enable message encryption in Azure APIM for the Request body payload, you can use policies. Policies are a powerful feature in Azure APIM that allow you to modify the behavior of API requests and responses.

    We have a sample policy which you could start with: https://github.com/Azure/api-management-policy-snippets/blob/master/examples/Encrypt%20data%20using%20expressions.policy.xml.

    Within the docs we do show that you have access to various Encrypt and Decrypt methods: https://docs.microsoft.com/en-us/azure/api-management/api-management-policy-expressions#ref-context-request.

    Also note that APIM encrypts all sensitive data (policies, secret named values, subscription keys) using per-service, Microsoft-managed encryption keys. The keys are stored in Azure Key Vault (owned by Microsoft).

    For more information on how to use policies in Azure APIM, you can refer to the following documentation:

    I hope this information helps you encrypt the payload data in Azure APIM. Let me know if you have any further questions or concerns.

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

    1 person found this answer helpful.
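
As an added illustration of the policy-expression approach the accepted answer points to (not part of the answer and not the linked Microsoft snippet): an inbound policy that encrypts one JSON field of the request with the `Encrypt` expression method before the call reaches the backend. The field name `accountNumber` and the named value `payload-enc-key` are hypothetical, and using `Guid.NewGuid()` as the IV source is an assumption.

```xml
<policies>
    <inbound>
        <base />
        <!-- Field-level encryption of the request body (added example). -->
        <set-body>@{
            // Parse the JSON request body; "accountNumber" is a hypothetical field name.
            JObject body = context.Request.Body.As<JObject>();
            string plain = (string)body["accountNumber"];

            // Nothing to protect: forward the body unchanged.
            if (plain == null) { return body.ToString(); }

            // {{payload-enc-key}} is a hypothetical secret named value holding
            // the base64 encoding of a 32-byte AES key.
            byte[] key = Convert.FromBase64String("{{payload-enc-key}}");

            // AES needs a 16-byte IV that differs for every message. With a fixed IV,
            // equal account numbers would produce equal ciphertexts.
            // Assumption: Guid.NewGuid() is used because System.Guid is available to
            // policy expressions; it is not a documented cryptographic RNG.
            byte[] iv = Guid.NewGuid().ToByteArray();

            // Encrypt(alg, key, iv) is the byte[] extension method from the
            // policy expressions reference.
            byte[] cipher = Encoding.UTF8.GetBytes(plain).Encrypt("Aes", key, iv);

            // Ship the IV with the ciphertext so the receiver can decrypt.
            // The IV is not secret; only the key is.
            body["accountNumber"] =
                Convert.ToBase64String(iv) + "." + Convert.ToBase64String(cipher);

            return body.ToString();
        }</set-body>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

The same expression applied to `context.Response.Body` in the `outbound` section covers the response direction. This call provides confidentiality only: it produces no integrity tag, so the receiving side needs its own way to detect tampering with the encrypted field.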
