Skip to main content

What you can do with Pangea

What is Pangea?

Pangea is a collection of security services, all API-based, that can be quickly and programmatically added to any application. It's similar to AWS for Compute APIs, Twilio for Communications APIs, and Stripe for Billing APIs. Pangea offers Security APIs for cost-effective and effortless composable application security.

Pangea services

Essential Security

  • AuthN - Add secure login and user management to your app
  • AuthZ - Implement fine-grained authorization policies that are portable, auditable, and independent of your language or framework
  • Secure Audit Log - Enable tamperproof audit trail
  • Vault - Protect secrets and cryptographic keys

Data Protection

  • Secure Share (Beta) - Securely share and store files
  • Sanitize (Beta) - Cleanse files from unwanted content


  • Redact - Remove sensitive information
  • Embargo - Limit access by country

Threat Intelligence

  • File Intel - Detect known malicious files
  • IP Intel - Detect known malicious IPs, VPNs, and proxies, as well as retrieve IP reputation and geolocation data
  • Domain Intel - Detect known malicious domains, get domain reputation
  • URL Intel - Detect known malicious URLs
  • User Intel - Identify breached credentials

Threat Analysis

There is a generous free tier available to help you get started, with pay-as-you-go pricing beyond the free tier.

How you use Pangea

With Pangea being a cloud-based platform and set of services, everything starts with registering for an account. This will automatically create an organization and project for you in the cloud operating region you select. Pangea has a generous free tier; therefore, no credit card is required to use Pangea. For expanded usage, you may need to enter a credit card.

Next, you will need to select a service you want to integrate into your application. When you instantiate or configure that service, you obtain a token for that service. The token is used to authenticate your application to the service and, more specifically, authenticate to your instance or configuration of the service. You'll need to include this token in the API calls made by your app against the service. Each API call will return JSON, where the response contents are specific to the API that was executed. Your application code will then process the JSON contents.

These generic steps are repeated for each service you choose to use from Pangea.

What's happening behind the scenes?

While your application simply makes a single API call against a service, the Pangea infrastructure manages the rest. Pangea's microservice architecture includes an API gateway for routing requests and responses, billing and metering, authentication, and of course, the components to support the services of interest (e.g., Secure Audit Logging, Redact, Embargo).

These components are available in many CSPs and regions across the world and are responsible for fulfilling the request quickly, in the geographic territory that you've configured. The benefit to a builder with this is that Pangea manages the complexity of things like GDPR data residency, service resiliency, redundancy, regional availability, and performance – so you don't have to.

What's a service, why do you build it, and why do you care?

The term service can carry many meanings in different contexts. Pangea itself is a service. However, an application builder is not integrating Pangea specifically. Instead, a builder will integrate one or many of the services that are hosted on the Pangea platform.

Application builders use Pangea because it accelerates the delivery of their applications and increases inherent security in the application by way of using Pangea's API-driven security services rather than building and staffing in-house.

Pangea also helps builders become compliant faster. Becoming compliant with GDPR, SOC2, PCI, HIPAA, and ISO27001 is hard and takes a lot of time, especially when you are building an application from scratch. The security services and APIs from Pangea can help remediate any gaps in your compliance assessment.

A word about integrating in Application Run Time:

Application security and the term "security APIs" are growing in definition and can be confusing. In Pangea's context, we're specifically suggesting an approach where a builder is putting security services, via API, in line with application code that is invoked during the application runtime. This is effectively embedding security directly into an application. Let's be clear about what this does not mean - this is not about securing the application development process or the build time of an application. Here are some great examples to illustrate what we mean by integration in the application run time:

  • Each time a user logs into a builder's application, embed in the application code a reputation check against their origin IP address. This reputation check is executed at run time.
  • Each time a file is exchanged in a file sharing transaction, embed in the application code a file detonation procedure against the file being exchanged. This file detonation is executed at run time.
  • Each time a patient record is accessed in a healthcare application, embed in the application code a logging event call to a tamperproof audit logging service.

Was this article helpful?

Contact us