Integration Shield
Inspiration
To let anyone deploy REST APIs securely. Many developers and organizations struggle with securing their APIs, implementing consistent authentication, and enforcing data validation policies. We wanted to create a solution that acts as a protective wrapper around existing APIs, providing enterprise-grade security features without requiring changes to the original API code.
What it does
Integration Shield is a comprehensive API security wrapper platform that:
- Creates secure wrapper endpoints around existing REST APIs with custom paths and routing
- Generates and manages credentials (client_id and client_secret) with configurable expiration dates
- Enforces policy-based validation on API payloads, including:
  - Enum validation (allowed values from a predefined list)
  - Numeric range validation (min/max constraints)
  - Date range validation (start/end date constraints)
- Provides credential-to-endpoint mapping allowing one credential to access multiple endpoints with different policies
- Validates all incoming requests against credentials and policy rules before forwarding to the original API
- Offers a web-based management UI for creating wrappers, defining endpoints, setting policies, and generating credentials
- Automatically manages lifecycle by cascading deletions (deleting a wrapper removes all associated credentials)
- Displays full API documentation showing all available wrapper endpoints with their URLs
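The three policy types listed above, worked through as an added example (this is illustration code, not Integration Shield's own implementation). The policy dictionary shape (`field`, `type`, `allowed_values`, `min`/`max`, `start`/`end`) and the sample policies are assumptions; the validator is written fail-closed, so a missing field or an unknown policy type counts as a violation rather than being skipped.

```python
"""Policy validation for enum, numeric_range and date_range policies.
Added illustration; the policy dict layout is an assumption, not the project's schema."""
from datetime import date


def check_enum(value, policy):
    allowed = policy["allowed_values"]
    if value not in allowed:
        return f"{policy['field']}: {value!r} not in allowed values {allowed}"
    return None


def check_numeric_range(value, policy):
    # bool is a subclass of int; reject it so true/false cannot pass as 1/0
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return f"{policy['field']}: expected a number, got {type(value).__name__}"
    lo, hi = policy["min"], policy["max"]
    if not lo <= value <= hi:
        return f"{policy['field']}: {value} outside range [{lo}, {hi}]"
    return None


def check_date_range(value, policy):
    try:
        d = date.fromisoformat(value)
    except (TypeError, ValueError):
        return f"{policy['field']}: {value!r} is not an ISO date (YYYY-MM-DD)"
    start = date.fromisoformat(policy["start"])
    end = date.fromisoformat(policy["end"])
    if not start <= d <= end:
        return f"{policy['field']}: {d} outside {start}..{end}"
    return None


CHECKS = {
    "enum": check_enum,
    "numeric_range": check_numeric_range,
    "date_range": check_date_range,
}


def validate_payload(payload, policies):
    """Return a list of violation messages; an empty list means the payload passes.
    Every policy is evaluated so the caller can report all problems at once."""
    violations = []
    for policy in policies:
        field = policy["field"]
        check = CHECKS.get(policy["type"])
        if check is None:
            violations.append(f"{field}: unknown policy type {policy['type']!r}")
            continue
        if field not in payload:
            violations.append(f"{field}: required field missing")
            continue
        msg = check(payload[field], policy)
        if msg:
            violations.append(msg)
    return violations


# Constructed sample policies for one endpoint (assumed shape, not from the project)
SAMPLE_POLICIES = [
    {"field": "status", "type": "enum", "allowed_values": ["active", "suspended"]},
    {"field": "quantity", "type": "numeric_range", "min": 1, "max": 100},
    {"field": "ship_date", "type": "date_range", "start": "2024-01-01", "end": "2024-12-31"},
]

if __name__ == "__main__":
    good = {"status": "active", "quantity": 5, "ship_date": "2024-06-15"}
    bad = {"status": "deleted", "quantity": "5", "ship_date": "2025-01-01"}
    print(validate_payload(good, SAMPLE_POLICIES))
    for violation in validate_payload(bad, SAMPLE_POLICIES):
        print(violation)
```

Because the numeric check rejects strings and booleans instead of coercing them, a payload that sends `"5"` where the policy expects a number is refused rather than silently accepted; that is the behaviour you want in a wrapper whose whole job is to stop malformed input before it reaches the original API.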
How we built it
The project is built using:
- Backend: Python Flask framework for REST API and web application
- Database: SQLite3 with a normalized schema including tables for:
  - API details (original API information)
  - Endpoints (HTTP methods and paths)
  - Policies (validation rules attached to endpoints)
  - Credentials (client_id/secret pairs mapped to endpoint-policy combinations)
  - Wrapper APIs (wrapper configurations and paths)
  - IP access lists (for future access control)
- Frontend: HTML5, CSS3, and vanilla JavaScript for dynamic form management
- CRUD Layer: Modular CRUD interfaces for each database table
- Request Forwarding: Python requests library for proxying validated requests to original APIs
- Security: Python secrets module for cryptographically secure credential generation
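An added example of the credential pattern described in this section: generation with the `secrets` module, a configurable expiration date, and verification that checks the secret and the expiry. This is illustration code, not the project's own; the record layout is an assumption, and storing only a SHA-256 digest of the client_secret (so a database leak does not expose usable secrets) is a hardening step the example adds on top of what the page describes.

```python
"""Credential generation and verification with the secrets module.
Added illustration, not Integration Shield's code; the store/record layout is assumed."""
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone


def generate_credential(expires_in_days, now=None):
    """Return (client_id, client_secret, record). The plaintext secret is shown to the
    user once; only its SHA-256 digest is kept in `record` (assumed storage layout)."""
    now = now or datetime.now(timezone.utc)
    client_id = secrets.token_hex(16)          # 128 random bits, hex encoded
    client_secret = secrets.token_urlsafe(32)  # 256 random bits, URL-safe base64
    record = {
        "client_id": client_id,
        "secret_hash": hashlib.sha256(client_secret.encode()).hexdigest(),
        "expires_at": (now + timedelta(days=expires_in_days)).isoformat(),
    }
    return client_id, client_secret, record


def verify_credential(store, client_id, client_secret, now=None):
    """Return (ok, reason). The digest comparison uses hmac.compare_digest so timing
    does not leak how many leading characters matched; expiry is an aware UTC check."""
    now = now or datetime.now(timezone.utc)
    record = store.get(client_id)
    if record is None:
        return False, "unknown client_id"
    presented = hashlib.sha256(client_secret.encode()).hexdigest()
    if not hmac.compare_digest(presented, record["secret_hash"]):
        return False, "invalid client_secret"
    if now >= datetime.fromisoformat(record["expires_at"]):
        return False, "credential expired"
    return True, "ok"


if __name__ == "__main__":
    issued = datetime(2024, 1, 1, tzinfo=timezone.utc)
    cid, sec, rec = generate_credential(30, now=issued)
    store = {cid: rec}  # stands in for the credentials table
    print(verify_credential(store, cid, sec, now=issued))
    print(verify_credential(store, cid, sec, now=issued + timedelta(days=31)))
```

The secret is checked before the expiry so that a caller who does not hold the secret learns nothing about the credential's lifetime from the error message; the `now` parameter exists only to make the expiry logic testable without waiting.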
Key architectural decisions:
- Dynamic endpoint creation allowing multiple endpoints per wrapper
- Flexible policy attachment supporting multiple policies per endpoint
- Many-to-many credential relationships (one credential → multiple endpoint/policy pairs)
- Path-based routing (/api/{wrapper_path}/{endpoint_path})
- JSON-based request format with credentials and payload separation
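The routing and request-format decisions above, as an added example (not the project's code): a dispatcher that resolves `/api/{wrapper_path}/{endpoint_path}` against a wrapper registry, rejects unknown wrappers, endpoints and methods with distinct status codes, and splits the JSON body into its credentials and payload halves before any forwarding would happen. The registry shape and the envelope field names are assumptions; in the real application this logic would sit behind a Flask route such as `@app.route("/api/<wrapper_path>/<endpoint_path>", methods=[...])`, which is omitted here so the example runs without Flask.

```python
"""Wrapper/endpoint routing and credentials/payload envelope parsing.
Added illustration; REGISTRY and the envelope layout are constructed assumptions."""

# Constructed registry: wrapper path -> endpoint path -> allowed methods and upstream URL
REGISTRY = {
    "orders": {
        "create": {"methods": {"POST"}, "upstream": "http://orders.example.internal/v1/orders"},
        "status": {"methods": {"GET"}, "upstream": "http://orders.example.internal/v1/status"},
    }
}


def parse_envelope(body):
    """Split the request body into (credentials, payload); None if the shape is wrong."""
    if not isinstance(body, dict):
        return None
    creds = body.get("credentials")
    payload = body.get("payload")
    if not isinstance(creds, dict) or not isinstance(payload, dict):
        return None
    if not all(k in creds for k in ("client_id", "client_secret")):
        return None
    return creds, payload


def route(method, path, body, registry=REGISTRY):
    """Resolve a request to (status, detail). 200 carries the upstream URL the wrapper
    would forward to after credential and policy checks; 4xx stops at the wrapper."""
    parts = [p for p in path.split("/") if p]
    if len(parts) != 3 or parts[0] != "api":
        return 404, "path must be /api/{wrapper_path}/{endpoint_path}"
    _, wrapper_path, endpoint_path = parts
    wrapper = registry.get(wrapper_path)
    if wrapper is None:
        return 404, "unknown wrapper"
    endpoint = wrapper.get(endpoint_path)
    if endpoint is None:
        return 404, "unknown endpoint"
    if method.upper() not in endpoint["methods"]:
        return 405, "method not allowed"
    parsed = parse_envelope(body)
    if parsed is None:
        return 400, "body must be {credentials: {client_id, client_secret}, payload: {...}}"
    creds, payload = parsed
    # Credential verification and policy validation run here before forwarding `payload`
    # (with `creds` stripped) to endpoint["upstream"].
    return 200, endpoint["upstream"]


if __name__ == "__main__":
    body = {"credentials": {"client_id": "abc", "client_secret": "xyz"}, "payload": {"quantity": 5}}
    print(route("POST", "/api/orders/create", body))
    print(route("GET", "/api/orders/create", body))
    print(route("POST", "/api/orders/create", {"payload": {}}))
```

Keeping the credentials in a separate envelope key means the wrapper can drop them before proxying, so the original API never sees the wrapper's secrets in the forwarded payload.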
Challenges we ran into
- Dynamic form management: Creating a UI that allows users to add multiple endpoints with nested policies required complex JavaScript state management and dynamic HTML generation
- Policy type flexibility: Supporting three different validation types (enum, numeric_range, date_range) with different input fields that show/hide based on selection
- Credential-endpoint relationships: Designing a database schema that allows one credential to connect to multiple endpoints while maintaining policy associations
- Cascade deletion logic: Ensuring that deleting a wrapper properly cleans up all associated credentials without orphaning data
- Path routing: Parsing wrapper paths and endpoint paths from a single URL pattern while supporting all HTTP methods
- Form data parsing: Extracting nested endpoint and policy data from HTML form submissions with dynamic indices
- Credential grouping: Displaying credentials grouped by client_id while showing all attached endpoints and policies in a user-friendly way
Accomplishments that we're proud of
- Built a fully functional API security platform from scratch with no external frameworks beyond Flask
- Implemented a flexible policy validation system that can be easily extended with new validation types
- Created an intuitive UI that abstracts complex database relationships into simple forms
- Achieved proper separation of concerns with modular CRUD interfaces for each entity
- Successfully implemented dynamic endpoint generation with real-time policy field updates
- Built a complete request validation pipeline that checks credentials, expiry, and policy rules
- Designed a clean cascade deletion system that maintains data integrity
- Generated comprehensive API documentation automatically from database entries
What we learned
- Database design patterns: How to design many-to-many relationships for flexible credential-endpoint mappings
- Dynamic web forms: Techniques for managing complex nested forms with JavaScript
- API security patterns: Best practices for credential validation, policy enforcement, and request proxying
- Python secrets module: Secure methods for generating cryptographic tokens
- Flask routing: Advanced path-based routing with variable segments
- State management: Organizing frontend state for dynamic form elements
- Data validation: Implementing type-specific validation logic for different policy types
- Cascade operations: Managing entity relationships and cleanup during deletions
What's next for Integration Shield
- IP Access Control: Activate the ip_access_list table to enforce allowed/blocked IP addresses
- Rate Limiting: Add request throttling per credential to prevent abuse
- Analytics Dashboard: Track API usage, credential activity, and policy violations
- Multi-policy validation: Support validating multiple fields in a single request
- Custom policy types: Allow users to define custom validation logic with expressions
- OAuth2 integration: Support OAuth2 flows in addition to client_id/secret
- API key rotation: Automatic credential rotation with grace periods
- Webhook notifications: Alert users of policy violations, expired credentials, or suspicious activity
- Docker deployment: Containerize the application for easy deployment
- Load balancing: Add support for multiple original API instances with health checks
- Request/Response transformation: Modify payloads before forwarding or after receiving responses
- Audit logging: Comprehensive logging of all API requests and validation results
- Team collaboration: Multi-user support with role-based access control
- API versioning: Support multiple versions of wrapper APIs with different policies
Built With
- amazon-web-services
- anthropic
- python