Welcome to Corsha’s Developer Documentation!

Here’s an overview of Corsha’s API Security Platform, how you integrate and use it, and its benefits.

Corsha’s API Security Platform provides dynamic, fully automated multifactor authentication (MFA) for APIs. Like MFA in the human world, Corsha pins API access to only your trusted machines and then gives you full visibility and control over those machines and their API activity.

Corsha’s platform tightly couples a lightweight Authenticator with each trusted API client. Once deployed, the Authenticator starts developing a dynamic identity stream to Corsha’s Distributed Ledger Network (DLN). Corsha has built this DLN on top of a fully orchestrated Kubernetes platform allowing for seamless horizontal and vertical scaling. This private, permissioned DLN collects these dynamic identity streams for each machine. When the API client is ready to make an API call, it now has a fresh, one-time-use MFA credential to provide alongside any other primary authentication factors, like API keys, tokens, or mutualTLS certificates. Now let’s dig in into how to deploy and leverage Corsha in your application ecosystem.

Securing APIs

Today, nearly all enterprises and government agencies are moving to hybrid cloud infrastructure. This infrastructure uses a mix of traditional data centers, private cloud, and public clouds, such as AWS, Google and Microsoft’s Azure. Machines in these environments increasingly communicate via Application Programming Interfaces (APIs).

The focus of the platform is to protect this machine-to-machine communication where there is no human involved. Theft of static API credentials like keys, tokens, and certs is increasingly an important element of enterprises’ cybersecurity strategy. Corsha automates API-related security processes, removing reliance on static credentials and relieving the burden on enterprise DevOps processes for proper management and hygiene around these static API credentials.