API interceptor for real time scanning

Asked by At

I am designing an interceptor to capture APIs request and response in real time to identify sensitive information. The requirement is to stay as an independent component and intercepts every APIs request and response.

enter image description here

please find the attached architecture design with interceptor. I need expert suggestion to effectively implement interceptor.

1 Answers

Abhishek Tyagi On

2 approaches you can use.

  1. Side-car: Create a reusable library which, has nothing but an interceptor or filter(for java) or actionfilter for .net platform. Once added as dependency and instantiated by your application, All request and response can be accessed here and pushed to a broker. And one of your workers can read from broker.

  2. API Proxy/Gateway: A lightweight api gateway like kong can be used as a proxy and your application will remain intact. You will be able to log all HTTP headers and payload to a broker. Advantage here is, even if you have more than 1 applications the solution will remain same, and is agnostic to backend application language or lifecycle.