AWS Architecture Blog: How Convera built fine-grained API authorization with Amazon Verified Permissions

• Convera processes billions in cross-border payment volume yearly for businesses and financial institutions worldwide.
• As their platform grew, they needed a robust authorization system that could protect sensitive financial data while maintaining operational efficiency across their global network.
• In this post, we share how Convera used Amazon Verified Permissions to build a fine-grained authorization model for their API platform.

Background

• As Convera’s service offerings expanded, they needed a scalable, secure, and auditable way to enforce role-based and attribute-based access control.
• Their goal was to make sure users, both internal and external, had access only to the resources and actions they were explicitly authorized for, while maintaining flexibility to adapt to evolving business needs.
• Initially, Convera explored building an in-house access control solution.

Article Summaries:

  • Convera, a global cross‑border payment platform, adopted Amazon Verified Permissions after initially exploring an in‑house access‑control solution. The move was driven by the need for a scalable, auditable, role‑ and attribute‑based model that could protect sensitive financial data while remaining operationally efficient. Verified Permissions integrates directly with Amazon Cognito and API Gateway, uses the Cedar policy language for complex rules, and delivers millisecond‑level decisions. The solution supports fine‑grained access for diverse users (customers, staff, and machine‑to‑machine calls) and enables strict multi‑tenant isolation by evaluating tenant ownership, roles, and contextual attributes. This architecture now underpins Convera’s payment APIs.
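
A sketch of how tenant ownership, roles, and contextual attributes can combine in Cedar, added here as an example and not taken from Convera's or AWS's policies. The `PaymentsApi` namespace, the role and action names, and the `tenantId` and `mfaAuthenticated` attributes are all assumptions made for illustration.

```cedar
// Constructed example: every entity type, action, role and attribute name
// below is hypothetical and does not come from the article.

// Role + tenant ownership: members of the PaymentsOperator role may read or
// create payments, but only when the payment belongs to their own tenant.
permit (
    principal in PaymentsApi::Role::"PaymentsOperator",
    action in [
        PaymentsApi::Action::"GetPayment",
        PaymentsApi::Action::"CreatePayment"
    ],
    resource
)
when {
    principal has tenantId &&
    resource has tenantId &&
    principal.tenantId == resource.tenantId
};

// Tenant guardrail: Cedar denies by default and a matching forbid always
// overrides any permit, so a later, broader permit cannot open cross-tenant
// access. Principals or resources with no tenantId are denied as well.
forbid (principal, action, resource)
unless {
    principal has tenantId &&
    resource has tenantId &&
    principal.tenantId == resource.tenantId
};

// Contextual attribute: creating a payment additionally requires that the
// caller's session was MFA-authenticated. A request whose context omits the
// attribute is denied (fail closed).
forbid (
    principal,
    action == PaymentsApi::Action::"CreatePayment",
    resource
)
unless {
    context has mfaAuthenticated && context.mfaAuthenticated
};
```

Keeping tenant isolation in its own `forbid` means a review of cross-tenant exposure only has to audit that one policy, not every `permit` in the store.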
