Skip to main content

Custom API Domain

Overview

A Custom API Domain allows LoginRadius to apply customer-specific security and performance controls at the edge.

Instead of relying solely on shared backend protections, API traffic can be protected, filtered, and optimized at the domain level before it reaches LoginRadius infrastructure.

This provides stronger protection against malicious traffic while improving performance and request handling.

Why This Matters

Applying security controls before requests reach the authentication infrastructure reduces system load, improves performance, and blocks malicious traffic earlier in the request lifecycle.

Common Use Cases

A custom API domain is particularly valuable for applications that require enhanced security, performance predictability, or compliance controls.

Security-Sensitive Applications

Industries such as financial services, telecom, loyalty programs, and media platforms often face targeted attacks including:

  • Credential stuffing
  • Brute-force login attempts
  • Automated API abuse

A custom domain enables additional security layers at the edge to mitigate these risks.

Compliance & Regional Access Controls

Organizations operating in regulated environments may need to enforce:

  • Geo-based access restrictions
  • Data residency policies
  • GDPR or regional compliance requirements
  • Internal security governance

Custom API domains allow these policies to be applied before API requests reach LoginRadius systems.

Dedicated Performance & Workload Isolation

Some organizations require stronger traffic isolation and predictable system behavior.

A custom API domain supports:

  • Dedicated application deployment
  • Workload separation
  • Reduced cross-tenant impact

High-Traffic Events or Campaigns

(Single Tenant Deployment)

Applications expecting sudden spikes in authentication traffic benefit from edge-level controls.

Examples include:

  • Marketing campaigns
  • Live events
  • Flash sales
  • Seasonal promotions

These controls help maintain stable performance during traffic surges.

Best Practice

Organizations running large user events or campaigns should enable edge protections to prevent unexpected traffic bursts from impacting authentication services.

Capabilities Enabled by Custom API Domains

With a custom API domain, LoginRadius can enable:

  • Advanced WAF policies
  • Enhanced edge rate limiting
  • Advanced bot protection
  • Geo-blocking and regional access control
  • Dedicated workload isolation

1. Advanced WAF Policies

A custom API domain allows LoginRadius to implement advanced Web Application Firewall (WAF) controls tailored to your API traffic patterns.

Description

Instead of generic shared protection rules, your API domain can use custom WAF policies designed around your application behavior and risk profile.

These policies can be updated in real time without affecting other tenants on the platform.

Key Benefits

  • Define custom rules for specific API endpoints
  • Detect API-specific attack patterns
  • Adjust security rules without impacting other customers
  • Improve protection against targeted API abuse
note

WAF rules are configured based on traffic patterns, application behavior, and risk tolerance.

2. Enhanced Rate Limiting

Rate limiting behavior changes significantly when a custom API domain is enabled.

Current Behavior

When a custom domain is not enabled:

  • Rate limiting occurs after requests reach LoginRadius APIs
  • Limits are enforced based on the API key
  • Backend services must process incoming requests before throttling

Limitations

  • Backend resources may receive excessive traffic
  • Protection occurs later in the request lifecycle
Edge Protection Advantage

Moving rate limiting to the edge significantly improves API stability, performance, and attack resilience.

3. Advanced Bot Protection

Custom API domains support intelligent bot detection tuned for authentication traffic patterns.

Description

Traffic is analyzed by a bot detection engine using:

  • Behavioral analysis
  • Heuristic models
  • Machine learning detection

This system differentiates between:

  • Legitimate users
  • Trusted automation
  • Malicious bots

Key Benefits

  • Detects malicious automation
  • Prevents credential stuffing
  • Blocks scripted abuse
  • Supports customizable protection rules
tip

Bot protection becomes especially important for public authentication APIs, which are common targets for automated attacks.

4. Geo-Blocking and Regional Access Controls

Custom API domains allow LoginRadius to enforce regional traffic policies at the edge.

Description

Organizations can define country or region access rules aligned with:

  • Business operations
  • Security requirements
  • Regulatory policies

Key Benefits

  • Allow or block specific geographic regions
  • Reduce exposure to high-risk locations
  • Enforce compliance-driven traffic policies
  • Prevent unwanted traffic before authentication requests are processed
note

Geo restrictions are enforced before requests reach the LoginRadius identity services, reducing unnecessary system load.

Conclusion

For organizations requiring advanced security, compliance controls, or predictable performance, enabling a Custom API Domain provides significant benefits.

Key improvements include:

  • Edge-level security enforcement (WAF, bot protection, geo controls)
  • Edge-based rate limiting for improved traffic protection
  • Dedicated workload separation for consistent performance
  • Reduced impact from cross-tenant traffic activity

Next Steps

To enable a Custom API Domain for your LoginRadius tenant:

  1. Contact your LoginRadius Customer Success Manager
  2. Review security and deployment requirements
  3. Plan the domain configuration and rollout timeline

LoginRadius will work with your team to design, configure, and deploy the custom API domain aligned with your security and performance goals.