In four easy steps, I’ll show you how to secure REST APIs hosted on IBM API Connect with Client Certificates.
IBM API Connect supports several options to protect REST APIs and those options are well documented in the IBM Knowledge Center. However, some users prefer to see a simple example, especially when they are looking for a way to protect their REST APIs with Client Certificates. This post will outline how to secure your REST APIs hosted on IBM API Connect with Client Certificates.
Step 1: Configure on API Manager
First, open your API Manager user interface from your IBM Cloud console and then navigate to Draft > APIs.
Open the API you would like to configure, then enable the Authenticate application setting in the Lifecycle section. Please make sure you publish the product after saving.
Step 2: Create Client Certificates
Next, create your own Client Certificates to use.
For example:
Step 3: Configure on Developer Portal
Visit your Developer Portal, then create a new App and paste the contents of the client certificates you created in the Step 2. Please note you need to include -----BEGIN CERTIFICATE-----
and -----END CERTIFICATE-----
.
Step 4: Test it!
You can now call the API by specifying the client certificate as X-Client-Certificate
header.
Here is a curl example:
Please note you need to eliminate CRLF from the client certificate. The client certificate must be the same one you put into the App on Developer Portal.
Summary
There are some other options to secure your APIs, such as OAuth or Mutual TLS, and the option you choose depends on your requirements. I hope you find this post useful for when you use Client Certificates with IBM API Connect.