Optimised Access Control

Web & API Access with Nevis


What is Web/API Access?

Making sure that the right people have access to the right resources: This is the core of web and API access management. Web and API access security centralises the access control with a universal security layer for all web-based and mobile apps, including APIs and web services.

How Does Web/API Access With Nevis Work?

A comprehensive set of APIs enables smooth integration into any existing CI/CD (Continuous Integration and Continuous Delivery) pipeline to automate deployment.

Secure Access Gateway

blue-plus blue-minus

An access gateway offers secure access to specific requirements by using a differentiated approach to user authentication and authorisation. An access gateway controls and limits user access to specific applications and individual resources centrally, based on the user’s authentication, authorisation and context. Centralised authorisation allows access controls to be created at application level.

Identity and Context-Aware Proxy is the Nevis concept that allows customers to connect seamlessly and enables authentication and highly differentiated authorisation for web applications, web services and APIs.

Filtering and Blocking

blue-plus blue-minus

Attacks such as XSS, CSRF, injection attacks or session-stealing attempts have been at the very top of the OWASP Top 10 list for years. Strict filtering and blocking of all data traffic prevents these types of attacks now and in the future. Attacks rarely conform to standards or follow recognisable and familiar patterns. A powerful filtering and blocking engine can prevent many of these common attacks.

Powerful Request Filtering
  • Secure service quality by blocking troublesome clients restricting your services.
  • Define restrictions to reduce DoS attacks.
  • Validations at HTTP protocol level
  • Header and request-parameter filtering
  • Filter and validate requests with structured formats such as: JSON, SOAP calls and XML.
Dynamic Filtering
All protection functions can be dynamically forced or bypassed based on rules such as:
  • Source and IP geolocation
  • Scenario-specific
Advanced Filtering
  • Malware filtering integration (ICAP): forwarding incoming requests by ICAP
  • ModSecurity integration: use the flexibility of ModSecurity to protect your web applications.
  • Script creation with Lua: use a secure programming environment to implement scenario-specific protective measures or checks

Load Balancing and Reverse Proxying

blue-plus blue-minus

Reverse proxy servers and load balancers are components in a client-server computing architecture. Both act as intermediaries in communication between the clients and servers and execute functions to boost efficiency. Although they can be implemented as dedicated, specially developed devices, modern web architectures increasingly use them as software applications that are executed on commercial hardware.


  • A reverse proxy accepts a request from a client, forwards it to a server that can fulfil it and returns the response from the server to the client.
  • A load balancer distributes incoming client requests to a group of servers and returns the response from the selected server to the relevant client.

Load balancers are most often used if a web page needs multiple servers because the volume of requests is too high to be efficiently processed by a single server. The deployment of multiple servers also eliminates a single «point of failure», making the website more reliable.

Although it only makes sense to deploy a load balancer if you have several servers, it can often be useful to deploy a reverse proxy with just one web server or application server as this provides greater security, scalability and flexibility.

Policy Enforcement Point (PEP)

blue-plus blue-minus

A policy enforcement point (PEP) is responsible for receiving authorisation requests that are sent to the policy decision point (PDP) for evaluation. A PEP can be installed anywhere in an application where data and resources require protection or where authorisations logic is applied. A PEP is only responsible for requesting and evaluating an authorisation decision and does not require an authorisations logic.


Do You Have Questions About Customer Identity and Access Management?

We’re here to help – with personal consultations, reliable support and smart solutions. We would be happy to show you the advantages of the Identity Suite from Nevis in detail.

Contact Us!

Advantages of Web & API Access

More Security

Centralised administration of access guidelines for your end users so that you can configure and customise security settings at one location. Drive profits everywhere – and expand the identity and access control on your web apps and APIs.

Easier Integration

Simple integration into your existing web applications and APIs without code or architecture changes.

Greater Flexibility

Reduce your maintenance and operating costs with a flexible security and access gateway that you can use to secure your legacy applications, hybrid applications, web apps, mobile apps and APIs.

Reducing IT Costs

The fewer passwords in circulation, the less time your IT helpdesk must spend dealing with password problems. This will save you more time and money than you might have thought possible.