On this page
From government data to public services: APEX ensures every API request is securely authenticated and authorised with the right level of security
Securing APIs should not be a guessing game. With APEX Universal Inbound Security, inbound security is standardized across all APIs hosted on the platform, giving consumers a consistent and reliable way to connect, and giving publishers the confidence that their APIs are always protected in line with government standards.
APEX removes the complexity of juggling different security implementations for different APIs. Whether your API serves sensitive or public-facing information, we provide a unified and consistent framework that ensures every request is properly authenticated before any requests reaches your API Servers.
Three authentication methods, one consistent experience
1. JWT Authentication
Ideal for direct, server-to-server integrations. Self-signed JWT tokens ensure that every API call is tamper proof and replay proof. Payload integrity is verified with every request, delivering strong security without sacrificing performance.
2. OAuth 2.1 with Corppass (Singpass coming soon)
Perfect for scenarios where applications require end user consent. With built-in scope support, tokens only grant access to exactly what the user has approved. Fully compliant with government identity systems, ensuring sensitive data remains secure.
3. API Key
The simplest option for less sensitive APIs that still require protection. Lightweight and easy to implement, API keys make it quick for consumers to start integrating.
The benefits
Learn once, use everywhere
With universal inbound security, consumers master the process a single time and can seamlessly apply it across multiple APIs hosted on the APEX platform.
Flexible by design
Select the authentication method that best suits your API without needing to build it from scratch.
Built for compliance
Every option meets strict government security and governance standards, freeing API publishers from the burden of building, maintaining, and updating their own authentication systems.
Faster integration
Consistent workflows mean developers spend less time deciphering requirements and more time delivering value.
Ready for the future
Designed to adapt to new authentication methods like Singpass and beyond.
Relevant guides for API Universal Inbound Security
Understanding the types of API authentication used in APEX
As a publisher, learn more about what inbound security will best fit your API use case
Consuming APIs with JWT Auth
As a consumer, learn the end-to-end requirements for consuming an API protected by APEX's JWT Auth
Consuming APIs with OAuth 2.1
As a consumer, learn the end-to-end requirements for consuming an API protected by APEX's OAuth 2.1
Interested in onboarding your APIs to APEX or have any questions?
Reach out to us or read our documentation for more details