Defining basic authentication security schemes
A basic authentication security scheme is used when an application that calls the API is required to authenticate through a user registry.
Before you begin
- Authentication URL
- LDAP
- OpenID Connect (OIDC)
- Local User Registry (LUR)
- A custom user registry
Before you can create a basic authentication security definition in an API, the user registry must exist. To create a user registry, you can use either API Manager or Cloud Manager. When you create a registry in API Manager, it is visible only to your provider organization. When you create a registry in Cloud Manager, you can make it visible to multiple provider organizations.
To create a user registry with API Manager, see Working with user registries.
To create a user registry with Cloud Manager, see User registries overview.
About this task
You can complete this task either by using the API Designer UI application, or by using the browser-based API Manager UI.
When you use basic authentication, you require API users to provide a valid user name and password to access selected operations. The application developer must also provide an HTTP authorization header in requests that are sent to operations that require basic authentication.
When you use an authentication URL, the user credentials that are provided in the authorization header are validated by the endpoint specified in the URL. If the user is authenticated, IBM® API Connect expects an authentication URL to return an HTTP 200 OK response status code. All other HTTP response status codes result in an authentication failure and access is denied.
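The status-code contract described above, as an added example (not IBM code): a minimal authentication URL endpoint that answers 200 only for valid credentials and 401 for everything else, including malformed headers. The names `parse_basic`, `auth_status`, `app` and the `USERS` registry are hypothetical, and the sketch assumes the endpoint receives the caller's Authorization header as sent.

```python
import base64
import hashlib
import hmac

_SALT = b"constructed-salt"  # constructed sample value; use a per-user random salt in practice
_ITERATIONS = 100_000

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), _SALT, _ITERATIONS)

# Constructed sample registry: user name -> password hash (never store plaintext).
USERS = {"alice": _hash("correct horse battery staple")}

def parse_basic(header):
    """Return (user, password) from an Authorization header value, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers invalid base64 and invalid UTF-8
        return None
    user, sep, password = decoded.partition(":")  # the password may itself contain ':'
    if not sep or not user:
        return None
    return user, password

def auth_status(header):
    """Status the authentication URL returns: 200 on success, 401 otherwise."""
    creds = parse_basic(header)
    if creds is None:
        return 401
    user, password = creds
    # Hash for unknown users too, so response time does not reveal which names exist.
    expected = USERS.get(user, _hash("placeholder"))
    matches = hmac.compare_digest(_hash(password), expected)
    return 200 if matches and user in USERS else 401

def app(environ, start_response):
    """WSGI entry point; any WSGI server can host it for local testing."""
    status = auth_status(environ.get("HTTP_AUTHORIZATION"))
    start_response("200 OK" if status == 200 else "401 Unauthorized",
                   [("Content-Type", "text/plain")])
    return [b""]
```

Basic credentials are only base64-encoded, not encrypted, so both the API and the authentication URL should be reachable over TLS only.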
For more information about using an LDAP user registry for authentication, see LDAP authentication.
For information about using an Authentication URL, see Authentication URL user registry.
To make use of a basic authentication security scheme, you must reference it from elsewhere in your API definition. For more information, see Enforcing security requirements on an API and Enforcing security requirements on an operation.
At any time, you can switch directly to the underlying OpenAPI YAML source by clicking the Source icon. To return to the design form, click the Form icon.
Procedure
- Open the API for editing, as described in Editing an OpenAPI 2.0 API definition.
- If there are already one or more security schemes defined, expand Security Schemes.
- To create a basic authentication security scheme, click the add icon alongside Security Schemes, then select basic for the Security Definition Type. To edit an existing basic authentication security scheme, click the security scheme name in the navigation pane.
- Enter an identifying name of your choice in the Name field.
- Select the user registry from the Authenticate using User Registry list. The user registries in the list are those that have been enabled in the Sandbox Catalog; for details, see Creating and configuring Catalogs.
- Optionally, provide a Description for the security scheme. You can use CommonMark syntax for rich text representation.
- If you are creating a new basic authentication security scheme, click Create. The security scheme details are displayed for further editing.
- Click Save when done.
What to do next
Apply the security scheme to an API or operation. For more information, see Enforcing security requirements on an API and Enforcing security requirements on an operation.
For more information on LDAP and Authentication URL, see LDAP authentication and Authentication URL user registry.