https://community.checkpoint.com/t5/WAF/GA-Authentication-Enforcement-for-Check-Point-WAF/m-p/270803#M377 <P><STRONG>Now GA: Authentication Enforcement for API Protection&nbsp;</STRONG></P> <P><SPAN>APIs are the backbone of modern apps and keeping them secure means more than just spotting bad traffic. You also need to make sure the </SPAN><I><SPAN>right</SPAN></I><SPAN> clients are connecting in the first place. That’s exactly why we built </SPAN><STRONG>Authentication Enforcement</STRONG><SPAN> for Check Point WAF, a new way to make sure only authenticated clients get through to your protected APIs and applications.&nbsp;</SPAN></P> <P><SPAN>Think of it this way. Schema enforcement gives you a positive model of what your API </SPAN><I><SPAN>should</SPAN></I><SPAN> look like, the request structure, the fields and formats you expect, and blocks anything that doesn’t match. It’s hugely effective at stopping accidental misuse and a wide range of attacks like injections or malformed payloads because anything outside the approved schema simply isn’t allowed.&nbsp;</SPAN></P> <P><SPAN>Authentication Enforcement goes a step further upstream: it doesn’t just check the </SPAN><I><SPAN>structure of a&nbsp; request</SPAN></I><SPAN>, it checks the </SPAN><I><SPAN>identity</SPAN></I><SPAN> behind it. Before letting a request get near your sensitive endpoints, it verifies that a valid authentication token is present, that it hasn’t expired, and that its signature checks out. Currently, this is done using JWTs, the standard bearer token used by most modern APIs - with support for additional authentication methods planned in the future.&nbsp;<span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Screenshot 2026-02-13 at 10.54.33.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/33298i0EF45A9E5ABFA92D/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot 2026-02-13 at 10.54.33.png" alt="Screenshot 2026-02-13 at 10.54.33.png" /></span></SPAN></P> <P>&nbsp;<STRONG style="font-family: inherit; background-color: #ffffff;">Here’s why this matters.&nbsp;&nbsp;</STRONG></P> <P><SPAN>An API can look structurally correct, match the schema but still come from an unauthorized or malicious client. Without identity validation, attackers can still probe your API, scrape data, or abuse endpoints that weren’t meant to be public. Authentication Enforcement closes that gap. By understanding who is making the call, it stops unauthorized traffic in its tracks, aligning with zero trust principles that are becoming the baseline for secure API ops.&nbsp;</SPAN></P> <P><SPAN>Best of all, from the defender’s standpoint, this is a natural extension of schema enforcement. Schema rules ask “does this request belong here?” Authentication Enforcement asks “</SPAN><I><SPAN>who</SPAN></I><SPAN> is at the door?” and demands that they present valid credentials. Working together, they give you both </SPAN><I><SPAN>structural</SPAN></I><SPAN> and </SPAN><I><SPAN>identity-based</SPAN></I><SPAN> assurance. It’s a one-two punch that makes your API security far stronger than either check on its own.&nbsp;</SPAN></P> <P><SPAN>Authentication Enforcement is now GA and it’s a big step toward making API access control more robust, integrated, and seamless. Plus, it helps ensure the right clients get access, protects your backend from unauthorized use, and lets you build confidence knowing both intent and identity are part of your security model. It’s just one more way that we are pushing the </SPAN><A href="https://blog.checkpoint.com/securing-the-cloud/waf-security-test-results-2026-why-prevention-first-matters-more-than-ever/?utm_source=linkedin-unpaid&amp;utm_medium=social-media" target="_blank" rel="noopener"><SPAN>best WAF on the market</SPAN></A><SPAN> to get even better in 2026.&nbsp; </SPAN></P> Fri, 13 Feb 2026 16:49:48 GMT TCarrigan 2026-02-13T16:49:48Z https://community.checkpoint.com/t5/WAF/GA-Authentication-Enforcement-for-Check-Point-WAF/m-p/270803#M377 <P><STRONG>Now GA: Authentication Enforcement for API Protection&nbsp;</STRONG></P> <P><SPAN>APIs are the backbone of modern apps and keeping them secure means more than just spotting bad traffic. You also need to make sure the </SPAN><I><SPAN>right</SPAN></I><SPAN> clients are connecting in the first place. That’s exactly why we built </SPAN><STRONG>Authentication Enforcement</STRONG><SPAN> for Check Point WAF, a new way to make sure only authenticated clients get through to your protected APIs and applications.&nbsp;</SPAN></P> <P><SPAN>Think of it this way. Schema enforcement gives you a positive model of what your API </SPAN><I><SPAN>should</SPAN></I><SPAN> look like, the request structure, the fields and formats you expect, and blocks anything that doesn’t match. It’s hugely effective at stopping accidental misuse and a wide range of attacks like injections or malformed payloads because anything outside the approved schema simply isn’t allowed.&nbsp;</SPAN></P> <P><SPAN>Authentication Enforcement goes a step further upstream: it doesn’t just check the </SPAN><I><SPAN>structure of a&nbsp; request</SPAN></I><SPAN>, it checks the </SPAN><I><SPAN>identity</SPAN></I><SPAN> behind it. Before letting a request get near your sensitive endpoints, it verifies that a valid authentication token is present, that it hasn’t expired, and that its signature checks out. Currently, this is done using JWTs, the standard bearer token used by most modern APIs - with support for additional authentication methods planned in the future.&nbsp;<span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Screenshot 2026-02-13 at 10.54.33.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/33298i0EF45A9E5ABFA92D/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot 2026-02-13 at 10.54.33.png" alt="Screenshot 2026-02-13 at 10.54.33.png" /></span></SPAN></P> <P>&nbsp;<STRONG style="font-family: inherit; background-color: #ffffff;">Here’s why this matters.&nbsp;&nbsp;</STRONG></P> <P><SPAN>An API can look structurally correct, match the schema but still come from an unauthorized or malicious client. Without identity validation, attackers can still probe your API, scrape data, or abuse endpoints that weren’t meant to be public. Authentication Enforcement closes that gap. By understanding who is making the call, it stops unauthorized traffic in its tracks, aligning with zero trust principles that are becoming the baseline for secure API ops.&nbsp;</SPAN></P> <P><SPAN>Best of all, from the defender’s standpoint, this is a natural extension of schema enforcement. Schema rules ask “does this request belong here?” Authentication Enforcement asks “</SPAN><I><SPAN>who</SPAN></I><SPAN> is at the door?” and demands that they present valid credentials. Working together, they give you both </SPAN><I><SPAN>structural</SPAN></I><SPAN> and </SPAN><I><SPAN>identity-based</SPAN></I><SPAN> assurance. It’s a one-two punch that makes your API security far stronger than either check on its own.&nbsp;</SPAN></P> <P><SPAN>Authentication Enforcement is now GA and it’s a big step toward making API access control more robust, integrated, and seamless. Plus, it helps ensure the right clients get access, protects your backend from unauthorized use, and lets you build confidence knowing both intent and identity are part of your security model. It’s just one more way that we are pushing the </SPAN><A href="https://blog.checkpoint.com/securing-the-cloud/waf-security-test-results-2026-why-prevention-first-matters-more-than-ever/?utm_source=linkedin-unpaid&amp;utm_medium=social-media" target="_blank" rel="noopener"><SPAN>best WAF on the market</SPAN></A><SPAN> to get even better in 2026.&nbsp; </SPAN></P> Fri, 13 Feb 2026 16:49:48 GMT https://community.checkpoint.com/t5/WAF/GA-Authentication-Enforcement-for-Check-Point-WAF/m-p/270803#M377 TCarrigan 2026-02-13T16:49:48Z https://community.checkpoint.com/t5/WAF/GA-Authentication-Enforcement-for-Check-Point-WAF/m-p/270809#M378 <P>Great!</P> Fri, 13 Feb 2026 16:52:31 GMT https://community.checkpoint.com/t5/WAF/GA-Authentication-Enforcement-for-Check-Point-WAF/m-p/270809#M378 the_rock 2026-02-13T16:52:31Z