BNY Mellon Case Study: Securing Financial Data with miniOrange REST API Security
BNY Mellon, a leader in the financial industry, faced a significant challenge in securing their Jira REST API. They needed a reliable solution for validating custom JWTs and ensuring secure API access. miniOrange's Enhanced API Authentication provided a robust, seamless integration to meet their security and compliance needs.

The Challenge
BNY Mellon, a cornerstone of the financial industry, faced a complex challenge in their digital transformation journey. They needed to:
BNY Mellon needed a secure way to validate custom JWTs for Jira REST API authentication
BNY Mellon needed a simple yet highly secure way to control who could access their Jira REST APIs. The main challenge was validating custom JWTs using a public certificate—while still making sure the right users were identified and authenticated without adding complexity.
As a global financial institution, BNY Mellon has to follow strict security rules. They were looking for a solution that could automatically check JWT tokens, pull user details like email or username from the payload, and make sure only verified users could interact with Jira APIs. Most importantly, they needed all of this to work smoothly with their current systems, without causing delays or requiring extra manual steps.
The Solution: miniOrange's Secure API Integration for Enterprises
To address BNY Mellon's needs, miniOrange deployed its Enhanced API Authentication for Jira with API Key/JWT, specifically designed to meet security requirements and align with the standard protocol.
Enhanced API Authentication for Jira
To solve BNY Mellon’s challenge, miniOrange implemented its Enhanced API Authentication for Jira, a powerful solution designed to secure REST API access using custom JWT validation. The plugin seamlessly integrates with existing identity providers, verifies JWTs using public certificates, and extracts user information directly from the token payload. This setup ensures that only authenticated users can access Jira APIs, all while aligning with BNY Mellon's strict compliance requirements and without disrupting existing workflows.
The Outcome: Secure, Compliant, and Hassle-Free API Access
Following the implementation of miniOrange’s Enhanced API Authentication, BNY Mellon significantly strengthened its Jira API security. The ability to validate custom JWTs using a public certificate ensured that only verified and trusted requests were processed. This eliminated unauthorized access attempts and helped the organization meet strict internal and regulatory compliance requirements with ease.
Beyond security, the solution delivered a smooth and uninterrupted experience for both users and administrators. API performance improved noticeably, while the automated validation process reduced the need for manual intervention. miniOrange’s seamless integration with BNY Mellon’s existing systems meant there was no disruption to day-to-day operations—just a smarter, safer way to manage API access.
About BNY Mellon
BNY Mellon is a global financial institution and one of the oldest banks in the United States, known for providing investment management and financial services to institutions and individuals worldwide. With a strong focus on innovation and compliance, the company continuously modernizes its digital infrastructure to meet evolving security and regulatory demands.