Introduction to Fine-Grained API Authorization
Convera, a leading payment processing platform, required a scalable, secure, and auditable way to enforce role-based and attribute-based access control as their service offerings expanded, processing billions in cross-border payment volume yearly.
Background and Requirements
Convera needed to ensure internal and external users had access only to the resources and actions they were explicitly authorized for, while maintaining flexibility to adapt to evolving business needs. Initially, Convera explored building an in-house access control solution, but realized it would require significant engineering effort and ongoing maintenance, diverting resources from their core business priorities.
Convera chose Verified Permissions to implement fine-grained authorization for their payment APIs, driven by factors such as direct integration with AWS services like Amazon Cognito and Amazon API Gateway, the Cedar policy language's flexibility in defining complex authorization rules, and high-performance characteristics with millisecond-level authorization decisions.
Implementation of Verified Permissions
Given its flexibility and scalability, Verified Permissions became the foundational reference architecture for managing access control across two main scenarios: fine-grained access control and attribute-based access control. Convera's payment platform serves diverse users, including customers, internal staff, and machine-to-machine communications, each requiring different access control mechanisms.
Verified Permissions enabled Convera to define complex authorization rules using the Cedar policy language, evaluate multiple attributes like
Benefits of Verified Permissions
The implementation of Verified Permissions provided Convera with a scalable, secure, and auditable way to enforce role-based and attribute-based access control. This enabled Convera to ensure that internal and external users had access only to the resources and actions they were explicitly authorized for, while maintaining flexibility to adapt to evolving business needs.
Scalability and Performance
Verified Permissions demonstrated high-performance characteristics, with millisecond-level authorization decisions, allowing Convera to process a large volume of payment transactions without compromising security or performance. The scalability of Verified Permissions enabled Convera to support their growing user base and increasing transaction volumes without requiring significant infrastructure investments.
Security and Compliance
The implementation of Verified Permissions helped Convera protect sensitive financial data and maintain compliance with relevant regulatory requirements. The use of the Cedar policy language and attribute-based access control enabled Convera to define and enforce complex authorization rules and ensure that access control mechanisms were aligned with their business policies and regulatory obligations.
Conclusion
In conclusion, the implementation of Verified Permissions enabled Convera to build a fine-grained authorization model for their API platform, protecting sensitive financial data while maintaining operational efficiency across their global network. The use of Verified Permissions demonstrated the benefits of a scalable, secure, and auditable access control solution, and its potential to support the growing payment processing needs of businesses and financial institutions worldwide.