Applying security definitions to an API operation

You can specify whether or not an API operation inherits the security definitions that have been created in the containing API.

About this task

You can choose to inherit all the security definitions, or you can individually select the security definitions that you want to inherit.

For information on creating security definitions in an API, see Creating a security definition.

Note: The API Manager UI also includes the ability to apply security definitions. However, the preferred method for these tasks is by using the API Designer UI, as described here. Any steps that are specific to a particular UI are marked with an icon.

Procedure

To specify the security definition inheritance settings for an API operation, complete the following steps:

Click APIs.
The APIs tab opens.
If you have not previously pinned the UI navigation pane then click the Navigate to icon .
The API Manager UI navigation pane opens. To pin the UI navigation pane, click the Pin menu icon .
Click Drafts in the UI navigation pane, and then click APIs.
The APIs tab opens.
To specify the security definition inheritance settings for an operation in an existing API, click the API you want to work with. To create a new API and API operation before specifying the security definition inheritance settings, see Creating API definitions and Defining Paths for a REST API.
Navigate to the Paths section.
In the Paths section, click the required operation to display its details.
In the Security subsection, select the security definitions that you want to apply, or select Use API security definitions to apply all security definitions.

Note: If you select an OAuth security definition for protecting a consumer API, you must also include an API key security definition, as the X-IBM-Client-Id or client_id must be included in the security credentials so that the correct Plan configuration settings can be enforced.
Click the Save icon to save your changes.