Application Identity & Protection

ENTERPRISE LOGIN AS A SERVICE (LaaS) & WAF

Identity Managed.
Infrastructure Protected.

AIP is a centralized Master Gateway providing drop-in SDKs that handle your entire authentication flow, strict Role-Based Access Control (RBAC), and active Web Application Firewall (WAF) threat mitigation.

How The Gateway Works

  • Client Frontend: users interact with your website or app.
  • AIP Master Gateway: intercepts each request, verifies identity, and scans for threats.
  • Client Backend: receives perfectly clean, verified traffic.

The 3-Tier Banning Engine

Level 1 (Session): Revoke individual active user tokens instantly.
Level 2 (Device): Shadow-ban specific browser fingerprints.
Level 3 (Nuclear IP): Drop all traffic from a malicious network block.

Live API Telemetry & Quotas

Real-time monitoring of your application's traffic limits and active resource allocations.

  • Calls Per Min: 0 / 100
  • Calls Per Day: 10 / 10,000
  • Calls Per Month: 56 / 100,000
  • Lifetime Quota: 56 / 1,000,000
  • IAM Team Members (Staff): allocated 2 / 6
  • Daily Email Quota (OTP/Invites): allocated 7 / 100

The Active Edge Configuration Engine

Clients are empowered with granular control over their Active Policies. The dashboard allows instant deployment of 16+ core security protocols directly to the Redis cache, requiring zero server restarts.

Core WAF Engine

  • 1. Anti-SQLi Protection: Automatically detects and drops payloads containing database manipulation commands.
  • 2. Custom SQLi & XSS Keywords: Allows clients to hardcode specific rogue script tags or keywords for instant blocking.
  • 3. XSS Protection: Defends against JavaScript injection payloads in forms and inputs.
  • 4. Max Payload Limiter: Stops Buffer Overflow attacks by explicitly rejecting massive request bodies.

IAM Authentication Rules

  • 5. Dynamic RBAC Engine: Intercepts routes and checks whether the user's role has permission, powered by an Intelligent Route Scanner.
  • 6. Enable Email OTPs: Dispatches a secure 6-digit code via email upon login for strict verification.
  • 7. Passwordless Auth (Email+OTP): Allows users to skip traditional passwords entirely and authenticate via email tokens.
  • 8. Single Device Enforcement: Logging in immediately kicks the user out of any other active devices.
  • 9. Auto-Renew & Expiry Rules: Granular control over Session Auto-Renew times, OTP expiry, and Password Reset Link life spans.

Network & Threat Control

  • 10. Active Session Banning: Kill specific user session tokens instantly from the dashboard.
  • 11. Device Fingerprint Banning: Shadow-bans a specific browser signature, stopping attackers even if they swap accounts.
  • 12. Nuclear IP Banning: Strictly drops traffic from malicious IP addresses at the edge network.
  • 13. Headless Bot Detection: Intercepts automated headless browsers (like Puppeteer or Selenium).
  • 14. Strict IP & CORS Allowed Lists: Prevents unauthorized frontend websites from pinging the API.
  • 15. Multi-Tier Rate Limiting: Enforces traffic caps per minute, day, and month to prevent DDoS attacks.
  • 16. CAPTCHA Validation: Forces a Cloudflare verification challenge to halt brute-force bot logins.

Active Quarantine Zones

Threat Ledger & Incident Response

Monitor unauthorized access attempts, RBAC violations, and WAF blocks in real-time.

Sample ledger entry (columns: Threat Intelligence / Network & Device / Incident Details / Response Actions):
  • Threat Intelligence: Blocked Request (Reason: RBAC Violation)
  • Network & Device: 127.0.0.1, Unknown Device
  • Incident Details: INTERNAL DELETE /api/appointments/12, Mar 07, 2026 - 11:25 AM
  • Response Actions: Restricted by Admin

Algorithmic Behavioral Trust Scores

Move beyond static rules. The AIP WAF engine calculates a dynamic Trust Score for every user identity. Every user starts with a perfect score of 100. The algorithm dynamically deducts points based on bad API behavior.

Real-Time Deduction Engine

  • -20 Pts Account Sharing: The same email logged in from 3+ distinct IPs.
  • -2 to -20 Pts The Snooper: RBAC violations escalate rapidly on repeat offenses.
  • -5 Pts The Spammer/Struggler: Hitting rate limits or failing passwords repeatedly.

The Healing Algorithm: Good behavior is rewarded. Users naturally regain +1 Point for every hour they go without triggering a security violation.

Live Dashboard Mockup: admin@client.com, CLEAN RECORD, score 100.
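The deduction and healing rules above, carried through as an added example in plain Node.js (this is not AIP's code). The page gives the -2 to -20 range for repeat RBAC violations but not the curve, so the doubling sequence 2, 4, 8, 16, 20 is an assumption, as is applying the account-sharing penalty once per identity; the emails and IPs are constructed.

```javascript
// Added example (not AIP's code): a trust-score ledger that applies the
// deduction and healing rules described above. Every identity starts at 100,
// violations deduct points, and one point per violation-free hour is regained.
const MAX_SCORE = 100;
const ONE_HOUR_MS = 60 * 60 * 1000;

// Assumed escalation curve for repeat RBAC violations: 2, 4, 8, 16, then 20.
// The page states only the -2 to -20 range; the doubling is an assumption.
function rbacPenalty(priorViolations) {
  return Math.min(20, 2 * 2 ** priorViolations);
}

function createIdentity(email, nowMs) {
  return {
    email,
    score: MAX_SCORE,
    ips: new Set(),          // distinct source IPs seen at login
    rbacViolations: 0,       // repeat-offence counter for "The Snooper"
    sharingPenalised: false, // assumed: the -20 sharing penalty fires once
    lastEventMs: nowMs,      // healing clock: whole hours since last deduction
  };
}

// Credit +1 point per full violation-free hour, capped at 100. Only whole
// hours are consumed, so the fractional remainder keeps accruing.
function applyHealing(identity, nowMs) {
  const hours = Math.floor((nowMs - identity.lastEventMs) / ONE_HOUR_MS);
  if (hours > 0) {
    identity.score = Math.min(MAX_SCORE, identity.score + hours);
    identity.lastEventMs += hours * ONE_HOUR_MS;
  }
  return identity.score;
}

function deduct(identity, points, nowMs) {
  applyHealing(identity, nowMs); // bank any healing earned before this event
  identity.score = Math.max(0, identity.score - points);
  identity.lastEventMs = nowMs;  // a violation restarts the healing clock
  return identity.score;
}

// Account Sharing: the same email seen from 3+ distinct IPs costs 20 points.
function recordLogin(identity, ip, nowMs) {
  identity.ips.add(ip);
  if (identity.ips.size >= 3 && !identity.sharingPenalised) {
    identity.sharingPenalised = true;
    return deduct(identity, 20, nowMs);
  }
  return applyHealing(identity, nowMs); // a clean login is not a violation
}

// The Snooper: RBAC violations escalate on repeat offences.
function recordRbacViolation(identity, nowMs) {
  const points = rbacPenalty(identity.rbacViolations);
  identity.rbacViolations += 1;
  return deduct(identity, points, nowMs);
}

// The Spammer/Struggler: a rate-limit hit or a failed password costs 5 points.
function recordThrottleOrFailedPassword(identity, nowMs) {
  return deduct(identity, 5, nowMs);
}

// Score as the dashboard would show it at time nowMs (100 = CLEAN RECORD).
function currentScore(identity, nowMs) {
  return applyHealing(identity, nowMs);
}
```

Healing is computed lazily from the last deduction rather than by a timer, which keeps the ledger a pure function of its event history and makes the score reproducible from stored events during an investigation.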

IAM & The Intelligent Route Scanner

Manage roles, invite team members, and strictly control application access via AI-discovered routes.

Team Members (USER / ASSIGNED ROLE / STATUS)
  • admin_super (admin@client.com): owner, ● Active
  • manager_01 (manager@client.com): school_admin, ● Active

Access Control: admin_super

Intelligent Scanner Active: The Master Gateway automatically registers routes and buttons as they are used. The first time your application calls a new route, the AI Scanner detects it and lists it here so it can be assigned to a role.
  • GET /api/billing
  • DELETE /api/appointments/12
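As an added example (not AIP's code), here is how the route-discovery and role-check combination described above can be modelled: routes are registered the first time they are seen, and a default-deny check runs before any request reaches the backend, producing a ledger entry on a violation. The `normalizeRoute`, `grant` and `authorize` helpers, the roles, and the incident shape are assumptions constructed to mirror the page's mockups.

```javascript
// Added example (not AIP's code): a route registry that learns routes as they
// are used (the "Intelligent Route Scanner" idea) and a default-deny role check
// run before a request is forwarded to the client backend.
function normalizeRoute(method, path) {
  // Drop the query string and fold numeric ids so /api/appointments/12 and
  // /api/appointments/17 count as one discovered route.
  const pattern = path.split('?')[0].replace(/\/\d+(?=\/|$)/g, '/:id');
  return `${method.toUpperCase()} ${pattern}`;
}

function createRegistry() {
  return {
    discovered: new Map(), // route key -> how many times the scanner saw it
    policy: new Map(),     // role -> Set of route keys that role may call
  };
}

// Scanner: register a route the first time it is observed, count afterwards.
function recordRoute(registry, method, path) {
  const key = normalizeRoute(method, path);
  registry.discovered.set(key, (registry.discovered.get(key) || 0) + 1);
  return key;
}

// Admin action from the Access Control panel: allow a role to call a route.
function grant(registry, role, method, path) {
  const key = normalizeRoute(method, path);
  if (!registry.policy.has(role)) registry.policy.set(role, new Set());
  registry.policy.get(role).add(key);
}

// Gateway check: missing users, unknown roles and ungranted routes are all
// denied, so a newly discovered route is unreachable until someone grants it.
function authorize(registry, request) {
  const key = recordRoute(registry, request.method, request.path);
  const role = request.user ? request.user.role : undefined;
  const allowed = registry.policy.get(role);
  if (allowed && allowed.has(key)) return { allowed: true, route: key };
  return {
    allowed: false,
    route: key,
    incident: { // shape modelled on the Threat Ledger row above
      reason: 'RBAC Violation',
      ip: request.ip,
      device: request.deviceFingerprint || 'Unknown Device',
      detail: `${request.method.toUpperCase()} ${request.path}`,
      user: request.user ? request.user.email : null,
    },
  };
}
```

Because `authorize` records the route before checking the policy, a denied call still teaches the scanner that the route exists, which is exactly what an admin needs to see in the Access Control panel before deciding who may use it.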

Developer Security Guide & SDKs

Industry-standard guidelines and native drop-in SDKs to secure your infrastructure.

1. Never Hardcode Secrets

Store all API keys in a .env file, and never commit that file to source control or upload it anywhere public.

2. Use Prepared Statements

Always use Parameterized Queries to prevent lingering SQL Injection vectors.

3. Smart Traffic Batching

Implement request queueing on heavy routes to prevent memory crashes during spikes.
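One way to implement the request queueing recommended above, as an added example that is not part of AIP's SDK: a bounded admission queue that caps in-flight work, holds a limited number of waiting requests, and sheds everything else with an immediate 503 rather than buffering it until the process runs out of memory. The `createAdmissionQueue`, `admit`, `complete` and `batching` names, the Express-style `(req, res, next)` middleware shape, and the limits are assumptions.

```javascript
// Added example (not AIP's code): an admission controller for a heavy route.
// At most maxInFlight jobs run concurrently, at most maxWaiting sit in a
// bounded queue, and anything beyond that is shed immediately (HTTP 503)
// instead of being buffered in memory until the process falls over.
function createAdmissionQueue({ maxInFlight, maxWaiting }) {
  return { maxInFlight, maxWaiting, inFlight: 0, waiting: [], shed: 0 };
}

// A job exposes start() (begin the work) and reject(status) (send an error).
// Returns 'run', 'queued' or 'shed' so the caller can log the decision.
function admit(queue, job) {
  if (queue.inFlight < queue.maxInFlight) {
    queue.inFlight += 1;
    job.start();
    return 'run';
  }
  if (queue.waiting.length < queue.maxWaiting) {
    queue.waiting.push(job);
    return 'queued';
  }
  queue.shed += 1;
  job.reject(503); // fail fast; the client can retry once the spike passes
  return 'shed';
}

// Call when a running job finishes; the oldest waiting job is promoted.
function complete(queue) {
  queue.inFlight = Math.max(0, queue.inFlight - 1);
  const next = queue.waiting.shift();
  if (next) {
    queue.inFlight += 1;
    next.start();
  }
}

// Express-style middleware factory (assumed (req, res, next) handler shape).
// The queue slot is released when the response finishes, success or error.
function batching(queue) {
  return (req, res, next) => {
    const job = {
      start: () => {
        res.on('finish', () => complete(queue));
        next();
      },
      reject: (status) => res.status(status).send('Server busy, retry shortly'),
    };
    admit(queue, job);
  };
}
```

Mounting it looks like `app.post('/reports', batching(createAdmissionQueue({ maxInFlight: 4, maxWaiting: 50 })), handler)`; the `shed` counter is worth exporting as telemetry, since a rising value is the earliest sign that the limits need tuning or that the route is being flooded.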

4. Principle of Least Privilege

Use the AIP RBAC Manager to restrict your team and database users strictly to what is needed.

Install the Node SDK:

    npm install aip-master-node

Then wrap any route that needs both login and WAF screening (an Express app is assumed, since the original snippet relies on `app`):

    const express = require('express');
    const aipGuard = require('aip-master-node');

    const app = express();

    // 🔴 PRIVATE ROUTE (Requires Login AND WAF Protection)
    app.get('/dashboard', aipGuard({ requireLogin: true }), (req, res) => {
        res.send(`Welcome to the secure zone, ${req.user.name}!`);
    });

    app.listen(3000);