Discover our knowledge. Read our blogs!

Learn more

We build all our solutions with WSO2 and we are proud that we are Platinum Value-Added Reseller of WSO2.

Learn more
42Crunch API Security Platform

42Crunch: the only Enterprise API Security Platform

Audit, Scan and Protect your APIs from code to production by empowering developers with tools to be the driving force behind API security.


Empowers developers to secure their API from design time using a description language they know: security as code.

Enables the introduction of security as early as possible in the API lifecycle: API DevSecOps.

Delivers a unified and integrated platform for development, security and operations teams: single source of truth for API security.

API security as code and DevSecOps

Yenlo is proud reseller of the 42Crunch API security platform. Yenlo offers this API security platform as standalone solution as well as part of Yenlo’s Connext platform. Together, the 42Crunch platform and Yenlo Connext will enable enterprises to make security part of their continuous integration and continuous deployment (CI/CD). The 42Crunch solution lets you describe security as code as part of your OpenAPI specification files, allowing you to entirely automate the API security process, from the very beginning of the API lifecycle. Developers can simply annotate their API contracts to describe the required security policies and we process those annotations to automatically generate an API firewall configured to protect the API.

Audit. Scan. Protect.

1. AUDIT: Run 200+ security audit checks of the OpenAPI specification definition with detailed security scoring to help developers define and strengthen the API contract, creating the ultimate whitelist.

2. SCAN: Scan live API endpoints to discover potential vulnerabilities and discrepancies of the API implementation against the API contract.

3. PROTECT: Configure the 42Crunch API-native micro-firewall straight from the OpenAPI definition: automatically protect APIs and engage pre-defined policies such as rate limiting, JWT validation or payload encryption.


  • At any stage: design, development, testing, runtime - 42Crunch tells you exactly what each security issue is, with specific location in API contract, an explanation of the possible exploit scenario and suggested remediation.
  • Cloud-native architecture means that protection can get added to your existing microservice deployments with no extra infrastructure required.
  • No proprietary formats - the platform leverages the industry standard OpenAPI specification.
  • Hybrid deployment model (management and testing done from the cloud and protection firewall deployed next to your APIs in your current deployment infrastructure) makes getting started and maintaining the system a breeze.


  • 42Crunch gets embedded right into your current tooling: IDEs, code repositories & collaboration platforms, CI/CD - being there right when you need it.
  • Security Audit and Scanning become automated checks ensuring that insecure code never makes it to the master branch and production deployment.
  • Runtime protection policies get automatically redeployed with each API change making sure that you can stay agile without compromising security.


  • 42Crunch dashboards provide common view on all the projects that the enterprise has, all APIs in them, and the state of security for each and every one of them.
  • All teams: API architects, developers, QA, security, operations - get a shared view of API security, its shared definition, and shared understanding of what needs to be done to improve it.
  • 42Crunch integrates with existing collaborative developer tooling such as GitHub, GitLab, or Azure pipelines.

API Security by design


API Native

Addresses natively APIs’ unique security requirements across data validation, authentication, authorization, confidentiality and integrity.

Positive Security Model

The API Contract is the core of the security configuration, allowing to automatically enforce traffic inbound and outbound.

Integrate into CI/CD

Push your OpenAPI definition to your CI/CD pipeline and automatically audit, scan and protect your API.

API Micro-firewall for Kubernetes

Thanks to its low footprint, 42Crunch API Firewall can be deployed at scale on Kubernetes as sidecar proxy. It has been tested on all major cloud platforms, including Azure, AWS, Google Cloud and RedHat OpenShift.

Intuitive User Interface

The intuitive interface makes it easy to get started on day one, and provides real-time Security dashboards with actionable data.

Designed for DevSecOps

Enables a seamless DevSecOps experience from development to deployment through automation.

Download the Factsheet


Fill out the form and we'll send factsheet straight to your inbox!