Contents
This filter allows the API Gateway to act as an XML encrypting Web Service, where clients can send up XML blocks to the API Gateway that are required to be encrypted. The API Gateway can then encrypt the XML data, replacing it with <EncryptedData> blocks in the message. The encrypted content is then returned to the client.
Similarly, the API Gateway can act as an XML decrypting Web Service, where clients can send up <EncryptedData> blocks to the API Gateway, which can then decrypt them and return the plain-text data back to the client.
By deploying the API Gateway as a centralized encryption/decryption service, clients distributed throughout an SOA (Services Oriented Architecture) can abstract out the security layer from their core business logic. This simplifies the logic of the client applications and makes the task of managing and configuring the security aspect a lot simpler since it is centralized.
Furthermore, the API Gateway's XML and cryptographic acceleration capabilities ensure that the process of encrypting and decrypting XML messages - a task that involves some very CPU-intensive operations - is performed at optimum speed.
