Tyk and Resurface Labs – Advanced runtime API security

Attacks on APIs in production are increasing both in frequency and complexity. API security has never been more critical. Tyk is making it easier for the Tyk community to address these risks. We are delighted to announce a new technical partnership with API Security specialists Resurface Labs. They will join existing Tyk ecosystem partners such as Postman, Okta and AWS.

Tyk and Resurface Labs make it easy to add advanced API security to your production API environment. Resurface Labs are past winners of Tyk Community Awards, and have recently updated the Tyk Pump extension for Resurface Runtime API Security so that Tyk users can now quickly and easily add API security monitoring and attack detection to their Tyk deployment. 

Leveraging Tyk Pump, the Resurface API Security solution captures REST and GraphQL based API transactions (both client request and server response), analyzing each for attacks, threats, and weaknesses. You can now have a powerful security lens for monitoring, detecting, and inspecting all header and payload data in each API transaction, covering a wide range of inbound attacks, as well as weaknesses and flaws in API responses.

Resurface and Tyk together provide unprecedented security-centric observability, so that you can proactively protect your organization before, during, and after API attacks. Resurface is a perfect addition for users of Tyk Open Source Gateway & Pump as well as users of Tyk’s Full-Lifecycle API Management solution who are looking to increase their API security capabilities.

Critical API security use cases and key industry security standards

Leveraging Tyk Pump capabilities to capture API transaction traffic, Resurface stores production API data in a local security lake where each transaction is fully analyzed and enhanced with security metadata.


With this unique, data-centric approach to API security, Resurface supports a range of critical API security use cases:

  • Monitor production API environment for attacks and threats that have bypassed existing security measures (i.e. extend “security in depth” to include APIs)
  • Extend gateway authn/authz capabilities to investigate and identify code-level access issues (e.g. broken object level access – BOLA)
  • Identify coding/design issues in production APIs that were not evident in AppSec testing environments
  • Analyze, capture, and correlate API traffic data over days and weeks to identify advanced attack methods that are difficult to detect with only an API gateway

Resurface is also designed specifically to address key API vulnerabilities and security risks identified by the OWASP Foundation:

Resurface in action

When an API attack hits, Resurface’s runtime data analysis helps you identify the scope of an attack and initiate remediation of incidents in seconds – no scripting required with Resurface’s no-code custom signatures.

Resurface adapts to an organization’s unique API infrastructure, threat profile, and risk tolerance – helping you lower your MTTD and MTTR and minimize your attack surface from the most advanced threats.

Runtime API Security begins with data and analysis

The API security experts at Resurface have created an API transaction analysis process that tags each transaction with security metadata based on detected security issues. Combined with the full transaction header and body data, this metadata establishes a security context for Resurface’s detection queries and correlations, which in turn power the API security detections and alerts in the Resurface console:

Resurface’s highly performant and extensible API security data lake is the foundation for multiple API security features, including: 

  • Full API header and body data preserved with security tagging for fast and effective investigation and determination efforts
  • Runtime API Security Alerts with customized remediation guidance
  • Over 60 out-of-the-box detections with the ability for customers to create customized, no-code detections specific to their API environment 
  • Forensic and retrospective analysis to understand API attack methods, patterns, trends, origins, etc.

Resurface API Security aligns with specific Tyk customer needs

The tight integration and business-model synergy between Tyk and Resurface API Security make this a powerful API security combination for Tyk customers and community.


Data Sovereignty and Regulated Industries – The Resurface Security Data Lake and console are deployed inside your network within your data security boundary. Resurface is unique in the API security market in that it is not a SaaS solution, and your data is never, ever moved outside your network to a 3rd-party environment. By design, Resurface ensures compliance with data sovereignty, privacy, and protection regulations and requirements.

DevOps Efficiencies – Resurface is a modern, containerized solution that quickly deploys into your Kubernetes environment via a Helm chart. The console and the security data lake are implemented as a seal-container set, so you won’t be scrambling to manage yet another database. Resurface can also be expanded by simply adding incremental nodes as usage requires.

Open Source Data Layer – The Resurface API Security Data Lake is built from the ground up on an open source model. The core data lake technology is the highly scalable distributed query engine Trino. Resurface’s Tyk Pump extension and data collectors (K8s daemonset, HTTP sniffers, logging libraries, etc.) are open source, as well as the Resurface data storage and SQL query models.

This open source data layer approach makes Resurface API security data available to:

  • SIEMs, SOAR, XDR and other security tools
  • Enterprise-level analytics, reporting, and dashboarding packages 
  • Machine learning model creation and population pipelines 

Note: Those who wish to use the Resurface API Security Console will need to purchase a license.