Defining security scheme components

A security scheme component specifies all the settings for a particular aspect of API security; for example, the user registry that you use to authenticate access to the API.

Note:
  • This task relates to configuring an OpenAPI 3.0 API definition. For details on how to configure an OpenAPI 2.0 API definition, see Editing an OpenAPI 2.0 API definition.
  • OpenAPI 3.0 APIs are supported only with the DataPower® API Gateway, not with the DataPower Gateway (v5 compatible).
  • For details of current OpenAPI 3.0 support limitations, see OpenAPI 3.0 support in IBM® API Connect.

You can complete this task either by using the API Designer UI application, or by using the browser-based API Manager UI.

You can create security definitions of the following types:
Type Description
Basic authentication Use a basic authentication security definition to specify a user registry or an authentication URL to be used to authenticate access to the API.
API key Use an API key security definition to specify what application credentials are required to call an API.
OAuth2 Use an OAuth2 security definition to specify settings for OAuth token based authentication for your API.
HTTP Bearer Use an HTTP Bearer definition to specify how to validate the Bearer token that is required to call an API.