Creating a basic authentication security definition

When you create a basic authentication security definition in an API, you provide details of a user registry to be used to authenticate access to the API operations.

Before you begin

IBM® API Connect supports three types of user registries: Authentication URL user registry, LDAP user registry, and Local user registry.

Before you can create a basic authentication security definition in an API, the user registry must exist. To create a user registry, you can use either API Manager or Cloud Manager. When you create a registry in API Manager, it is visible only to your provider organization. When you create a registry in Cloud Manager, you can make it visible to multiple provider organizations.

To create a user registry with API Manager, see Working with user registries.

To create a user registry with Cloud Manager, see User registries overview.

About this task

Note: This task relates to configuring an OpenAPI 2.0 API definition. For details on how to configure an OpenAPI 3.0 API definition, see Editing an OpenAPI 3.0 API definition.

You can complete this task by using either the API Designer UI application or the browser-based API Manager UI.

When you use basic authentication, you require API users to provide a valid user name and password to access selected operations. The application developer must also provide an HTTP authorization header in requests that are sent to operations that require basic authentication.

When you use an authentication URL, the user credentials that are provided in the authorization header are validated by the endpoint specified in the URL. If the user is authenticated, IBM API Connect expects an authentication URL to return an HTTP 200 OK response status code. All other HTTP response status codes result in an authentication failure and access is denied.
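The following sketch of an authentication URL endpoint is an added example, not IBM code. It shows the contract described above: HTTP 200 only for valid credentials, and a non-200 status (401 here) for everything else, including malformed headers. The `alice` account, the in-memory `USERS` registry, the port, and the assumption that the gateway forwards the caller's Authorization header in a GET request are all illustrative.

```python
import base64
import binascii
import hashlib
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample registry: user name -> PBKDF2-SHA256 hash (never plaintext).
def _hash(password: str, salt: bytes = b"constructed-salt") -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

USERS = {"alice": _hash("correct horse battery staple")}
DUMMY = _hash("placeholder for unknown users")

def status_for(authorization):
    """Map an Authorization header value to 200 (valid) or 401 (anything else)."""
    if not authorization:
        return 401
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic":
        return 401
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return 401  # malformed credentials fail closed
    user, sep, password = decoded.partition(":")  # password may contain ':'
    if not sep:
        return 401
    # Always hash and compare in constant time so timing does not reveal valid names.
    expected = USERS.get(user, DUMMY)
    ok = hmac.compare_digest(_hash(password), expected)
    return 200 if ok and user in USERS else 401

class AuthURLHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Assumption: the gateway passes the caller's Authorization header through.
        status = status_for(self.headers.get("Authorization"))
        self.send_response(status)
        if status == 401:
            self.send_header("WWW-Authenticate", 'Basic realm="example"')
        self.send_header("Content-Length", "0")
        self.end_headers()

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), AuthURLHandler).serve_forever()
```

Basic credentials are only base64-encoded, so serve an endpoint like this over TLS.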

You cannot apply more than one basic security definition to an API. If you apply a basic security definition, you cannot also apply an OAuth security definition. For information on applying security definitions, see Applying security definitions to an API.

For more information about using an LDAP user registry for authentication, see LDAP authentication.

For information about using an Authentication URL, see Authentication URL user registry.

Procedure

To create a basic authentication security definition, complete the following steps:

  1. In the navigation pane, click Develop, then select the APIs tab.
  2. To create the security definition in an existing API, click the title of the API you want to work with. To create a new API to add the security definition to, see Creating an API definition.
  3. Select Security Definitions and click Add.
  4. Enter a name for the security definition and an optional description.
  5. For Type, select Basic.
  6. Click Choose one... from the section Authenticate using User Registry (optional). Select a user registry.
    Note: The user registries that you can select from are those that are specified in the Sandbox Catalog for the management server and provider organization that you are connected to.

    If you are using the API Manager user interface, the connection details are determined by the API Manager URL that you open, and the user ID with which you log in. If you are using the API Designer user interface, you provide the management server details and user ID in the login window that opens when you first launch API Designer; see Logging into API Connect Designer.

    If you are working offline in API Designer, you must type in the exact name of the user registry.

    You will need to specify the selected user registry in any Catalog to which the API is to be published.

    For details of how to specify the user registries for a Catalog, see Creating and configuring Catalogs.

  7. Click Save to save your changes.

Results

A Basic security definition is now added to the Security Definitions.

What to do next

Apply your security definition to the API, or to one or more API operations. For more information, see Applying security definitions to an API and Applying security definitions to an API operation.