US Patent 11681568 Method and apparatus to reduce the window for policy violations with minimal consistency assumptions

Some embodiments provide a method for authorizing application programming interface (API) calls on a host computer in a local cluster of computers. The method is performed in some embodiments by an API-authorizing agent executing on the host computer in the local computer cluster. From a remote cluster of computers, the method receives (1) a set of API-authorizing policies to evaluate in order to determine whether API calls to an application executing on the host computer are authorized, and (2) a set of parameters needed for evaluating the policies. With the remote cluster of computers, the method registers for notifications regarding updates to the set of parameters. The method then receives notifications, from the remote cluster, regarding an update to the set of parameters, and modifies the set of parameters based on the update. In some embodiments, the notification includes the update, while in other embodiments the method directs the remote cluster to provide the update after receiving the notification regarding the update. In addition to the notifications, the method periodically polls the remote cluster to retrieve the set of parameters needed for the received set of policies, in order to supplement data received through the notifications.