I want to highlight the exceptional support KrakenD provides. We can always expect prompt and thorough responses, I believe this has definitely accelerated our development speed and allowed us to find the right KrakenD feature that fits our needs. – Akanksha Nichrelay, Senior Engineer
Bloom Credit simplifies credit-related services for financial institutions, fintechs and other businesses consuming or producing credit data. Their platform abstracts the complexities of credit bureau connectivity, enabling compliant credit inquiries and accurate payment reporting to the major US credit bureaus. With an expanding service offering - including the recent launch of their Bloom+ service - Bloom Credit required a reliable, secure API gateway to handle all client-facing traffic.
Ensuring Secure, Scalable API Management for Financial Data
Bloom Credit needed a robust API gateway to manage high transaction volumes securely while ensuring consistent, controlled exposure to the internet. Given the sensitive nature of financial data, security, control, and scalability were key concerns.
How KrakenD Centralized and Secured Bloom Credit’s API Traffic
Bloom Credit implemented KrakenD as its API gateway to centralize and secure all external client traffic. KrakenD enabled Bloom to deploy:
- Flexible Endpoint Customization: Using KrakenD’s flexible configuration options, Bloom Credit created various templates that enable them to manage multiple endpoints and customize handling for different use cases. By adding header injection, they simplified integration with their GraphQL engine, Hasura, eliminating the need for another API layer.
- Advanced Authentication and Security: Moving to KrakenD Enterprise allowed Bloom to incorporate the JWK aggregator, supporting four different authentication providers across Bloom Credit and Bloom+ APIs. Additionally, KrakenD’s custom security policies feature enables Bloom to manage distinct scopes and audiences between Ory and Auth0 for their data access and furnishment APIs. This feature has significantly simplified access control for close to 100 endpoints, avoiding the need to develop custom Lua scripts or plugins. For the new B2B2C offering, Bloom+, KrakenD securely signs JWT tokens, reinforcing Bloom’s control over end-customer access.
- Rate Limiting and Traffic Management: KrakenD’s rate-limiting feature manages traffic to prevent abuse, providing Bloom with granular control over API consumption and a predictable service experience for their clients.
- OpenAPI Synchronization: Bloom makes use of the OpenAPI auto-generation, ensuring up-to-date documentation on ReadMe and maintaining consistency across developer pipelines.
You can see an example of the documentation live.
Custom security policies have allowed Bloom to handle complex authorization logic seamlessly across different identity providers, supporting diverse access requirements for nearly 100 endpoints.
Achieving Security, Efficiency, and Scalable Growth with KrakenD
Since implementing KrakenD, Bloom Credit has achieved:
- Centralized API Control: KrakenD serves as the single source of truth for Bloom’s client-facing APIs, eliminating ambiguity in internet exposure and boosting data security.
- Operational Efficiency and Development Agility: With configurable templates, custom security policies, and header injection, KrakenD has streamlined API management and eliminated redundant API layers. The KrakenD team’s prompt and thorough support has further accelerated development, helping Bloom make the most of KrakenD’s features.
- Scalability: KrakenD’s stateless architecture provides Bloom Credit with flexible scalability, enabling it to handle increasing transaction volumes without added complexity.
- Enhanced API Security and Access Control: Custom security policies have allowed Bloom to handle complex authorization logic seamlessly across different identity providers. This enabled a smooth transition between Ory and Auth0 while supporting diverse access requirements for nearly 100 endpoints.
- GitOps operation: An automated pipeline takes care of the deployments of KrakenD, and the gateway is the source of truth of everyhing exposed to the Internet.
