OAuth 2.0 authentication

OAuth 2.0 is a protocol for authorization that provides specific authorization flows for web applications and helps in the secure transmission of information between API consumers and web services. You can create an OAuth 2.0 authentication policy to assign to APIs or operations that invoke a process that uses basic authentication.
API Center uses the client credentials grant type for OAuth 2.0 authentication. To enable OAuth 2.0 authentication, you must create an OAuth 2.0 client. When you create the client, you specify the credentials of an organization user who has access to run the managed APIs and managed API groups that can use the client for authentication, and you generate client credentials.
Client access tokens that you use for OAuth 2.0 authentication time out after a defined timeout period. After a token times out, you can't use it. You must regenerate the token. You set the timeout when you create the OAuth 2.0 client, and you can change it later.
You can now assign multiple managed APIs and managed API groups to a single OAuth 2.0 client. You can create a single OAuth 2.0 client to grant access to specific API sets, simplifying authorization control. Disabling or deleting an OAuth 2.0 client invalidates its authorization token, preventing unauthorized API access.
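
Because access tokens time out and a disabled or deleted client loses its token, an API consumer needs to regenerate tokens rather than reuse a stale one. The sketch below is an added example, not Informatica code: `TOKEN_URL` is a placeholder, the request and reply shape follow the generic RFC 6749 client credentials grant and are assumed to match API Center, and `TokenCache`, `send` and `skew` are hypothetical names.

```python
import base64
import time
import urllib.parse

# Placeholder: the page does not give the API Center token endpoint.
TOKEN_URL = "https://token-endpoint.example/oauth2/token"


def build_token_request(client_id, client_secret):
    """Build a client credentials token request (RFC 6749, section 4.4)."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",  # assumed: HTTP Basic client auth
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urllib.parse.urlencode({"grant_type": "client_credentials"})
    return TOKEN_URL, headers, body


class TokenCache:
    """Hold one access token and regenerate it once it has timed out."""

    def __init__(self, client_id, client_secret, send,
                 clock=time.monotonic, skew=30):
        self._creds = (client_id, client_secret)
        self._send = send    # callable(url, headers, body) -> parsed JSON dict
        self._clock = clock
        self._skew = skew    # seconds of margin before the stated timeout
        self._token = None
        self._expires_at = 0.0

    def token(self):
        """Return a token that is still inside its timeout period."""
        if self._token is None or self._clock() >= self._expires_at:
            reply = self._send(*build_token_request(*self._creds))
            if "access_token" not in reply:
                # For example, the OAuth 2.0 client was disabled or deleted.
                raise PermissionError(reply.get("error", "token request refused"))
            lifetime = int(reply.get("expires_in", 0))  # missing: treat as expired
            self._token = reply["access_token"]
            self._expires_at = self._clock() + max(0, lifetime - self._skew)
        return self._token

    def invalidate(self):
        """Drop the cached token, for example after an API call answers 401."""
        self._token = None
```

Pass a `send` callable that performs the HTTPS POST and returns the parsed JSON reply; keep the client secret in a secret store rather than in source code.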
