ModernizationEnterprise

Centralized Outbound API Management for SBM Integrations in Insurance

Managing outbound traffic to SBM services through an API Gateway to improve security, observability, and rate limit control

Client

Insurance Company

Timeline

1 Mounth

Key Results

Cache

Duplicate Requests

Api Gateway

Rate Limit Control

%100

Traffic Visibility

%100

Outbound SBM Traffic

Vault

Credential Management

The Challenge

In the insurance sector, integrations with the Insurance Information Center (SBM) are critical for core business processes. In the customer environment, multiple applications were directly calling SBM services, resulting in an unmonitored and hard-to-control outbound traffic pattern. Additionally, SBM-enforced rate limits and credential management required a more centralized and secure approach.

Our Solution

A dedicated API Gateway was deployed in the DMZ to centrally manage all outbound traffic to SBM services. The gateway securely retrieved credentials from CyberArk, handled token management, reduced duplicate requests through response caching, and enforced SBM rate limits at the gateway level. This approach enabled a secure, observable, and controlled outbound integration architecture.

Centralized Outbound API Management for SBM Integrations in Insurance

Background

Insurance companies rely heavily on SBM services for processes such as vehicle registration and policy validation. When multiple applications access SBM services directly over the internet, security, observability, and cost control become increasingly difficult.

In this project, the customer lacked a centralized outbound integration layer for SBM traffic, leading to limited visibility and operational risks.

Key Challenges

The existing SBM integration model introduced several challenges:

Lack of centralized visibility into outbound traffic to SBM services
Difficulty in proactively managing SBM-enforced token rate limits
Security risks caused by embedding SBM credentials in application integrations
Performance and cost issues due to duplicate SBM requests
Absence of centralized logging and monitoring for SBM traffic

Our Approach

To address these challenges, a centralized outbound API governance model was implemented:

Deploying a dedicated API Gateway in the DMZ on a virtual machine
Routing all application calls to SBM through the API Gateway
Allowing the gateway to securely access SBM services over the internet
Retrieving SBM credentials dynamically from CyberArk at runtime
Caching SBM access tokens to avoid unnecessary token service calls
Implementing response caching to prevent duplicate SBM requests
Reducing duplicate and chargeable responses, especially for Notary Union–based queries
Defining SBM rate limits at the gateway level and generating early alerts
Providing full observability through detailed logs and dashboards

Technology Stack

IBM webMethods

Redis

Elasticsearch

NGINX

Results & Impact

With this solution, the customer transformed SBM integrations from an uncontrolled outbound traffic pattern into a secure and centrally managed architecture. Rate limits were proactively controlled, credentials were securely managed, duplicate requests were minimized, and full operational visibility into SBM traffic was achieved.

SBM integrations are critical for our business continuity. By managing all outbound traffic through the API Gateway, we significantly improved security, gained control over rate limits, and reduced unnecessary costs. We now have full visibility into our SBM traffic.
— Anonymous
IT Director, Insurance Sector

Back to all case studies

ModernizationEnterprise

Centralized Outbound API Management for SBM Integrations in Insurance

Managing outbound traffic to SBM services through an API Gateway to improve security, observability, and rate limit control

Client

Insurance Company

Timeline

1 Mounth

Key Results

Cache

Duplicate Requests

Api Gateway

Rate Limit Control

%100

Traffic Visibility

%100

Outbound SBM Traffic

Vault

Credential Management

The Challenge

Our Solution

Background

In this project, the customer lacked a centralized outbound integration layer for SBM traffic, leading to limited visibility and operational risks.

Key Challenges

The existing SBM integration model introduced several challenges:

Lack of centralized visibility into outbound traffic to SBM services
Difficulty in proactively managing SBM-enforced token rate limits
Security risks caused by embedding SBM credentials in application integrations
Performance and cost issues due to duplicate SBM requests
Absence of centralized logging and monitoring for SBM traffic

Our Approach

To address these challenges, a centralized outbound API governance model was implemented:

Deploying a dedicated API Gateway in the DMZ on a virtual machine
Routing all application calls to SBM through the API Gateway
Allowing the gateway to securely access SBM services over the internet
Retrieving SBM credentials dynamically from CyberArk at runtime
Caching SBM access tokens to avoid unnecessary token service calls
Implementing response caching to prevent duplicate SBM requests
Reducing duplicate and chargeable responses, especially for Notary Union–based queries
Defining SBM rate limits at the gateway level and generating early alerts
Providing full observability through detailed logs and dashboards

Technology Stack

IBM webMethods

Redis

Elasticsearch

NGINX

Results & Impact

SBM integrations are critical for our business continuity. By managing all outbound traffic through the API Gateway, we significantly improved security, gained control over rate limits, and reduced unnecessary costs. We now have full visibility into our SBM traffic.
— Anonymous
IT Director, Insurance Sector