Configuring public/private key pairs for tokens
Configure public/private key pairs for signing and verifying tokens in your API Connect deployment.
About this task
By default, an API Connect deployment receives one public/private key pair, which is used repeatedly. The public/private key pair is generated for you the first time you start API Connect after installing or upgrading it. The keys are stored in a keystore object. You can add and revoke keys, and configure a rotation through keys for enhanced security.
You can configure key pairs for tokens in the Cloud Manager user interface, or by using the Toolkit CLI.
Using the Cloud Manager UI to configure public/private key pairs
Use the Cloud Manager user interface to configure key pairs for signing and verifying tokens.
About this task
Manage Keystore assignment and Keystore history for tokens
Procedure
Using the Toolkit CLI to configure public/private key pairs
Use the Toolkit CLI to configure key pairs for signing and verifying tokens.
About this task
Use the following properties to specify the keystore URLs that contain the public/private key pair for each type of token. For each setting, the list of keystores is an array of strings, with each string representing the complete URL of a keystore. The first keystore in the array (keystore_url_0) is the one that is currently in use.
- access_token:
  access_token_keystore_urls: [keystore_url_0, keystore_url_n]
- id_token:
  id_token_keystore_urls: [keystore_url_0, keystore_url_n]
- temporary_token:
  temporary_token_keystore_urls: [keystore_url_0, keystore_url_n]
The keystore URLs can be lengthy. You can avoid errors by writing the settings in a file and uploading that file. Format the settings as a .yaml file (you can choose the file name) and upload the file using the toolkit CLI. The following example configures a different keystore for each type of token:
access_token_keystore_urls:
  - >-
    https://mgmt_endpoint_url/api/orgs/1cdb71a1-b53c-4b66-b162-1b0f45ca8a54/keystores/de5298dd-a00b-45a0-9d08-96c5d93e1273
id_token_keystore_urls:
  - >-
    https://mgmt_endpoint_url/api/orgs/1cdb71a1-b53c-4b66-b162-1b0f45ca8a54/keystores/85a21745-8ac3-499d-929a-2d017bade815
temporary_token_keystore_urls:
  - >-
    https://mgmt_endpoint_url/api/orgs/1cdb71a1-b53c-4b66-b162-1b0f45ca8a54/keystores/63d6462f-c93d-439b-b422-0e604381e97a
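A pre-upload check for such a settings file, as an added example that is not part of the product documentation or the toolkit: it takes the settings already parsed into a mapping, flags common mistakes, and reports which keystore would be in use for each token type (the first URL in each list). The check_settings function, the expected URL path shape (inferred from the sample URLs above), and the host and IDs in the sample data are assumptions.

```python
import re
from urllib.parse import urlsplit

# Property names as listed on this page.
PROPERTIES = ("access_token_keystore_urls", "id_token_keystore_urls",
              "temporary_token_keystore_urls")
# Assumption: path shape inferred from the sample URLs on this page.
KEYSTORE_PATH = re.compile(r"^/api/orgs/[^/]+/keystores/[^/]+$")

def check_settings(settings):
    """Return (active, problems) for a parsed settings mapping."""
    active = {}
    problems = [f"{k}: unknown property" for k in settings if k not in PROPERTIES]
    for name in PROPERTIES:
        if name not in settings:
            continue  # not set in this mapping; nothing to check
        urls = settings[name]
        if (not isinstance(urls, list) or not urls
                or not all(isinstance(u, str) for u in urls)):
            problems.append(f"{name}: must be a non-empty list of strings")
            continue
        for i, url in enumerate(urls):
            parts = urlsplit(url)
            if re.search(r"\s", url):
                problems.append(f"{name}[{i}]: contains whitespace")
            elif parts.scheme != "https" or not parts.netloc:
                problems.append(f"{name}[{i}]: not an absolute https URL")
            elif not KEYSTORE_PATH.match(parts.path) or parts.query or parts.fragment:
                problems.append(f"{name}[{i}]: not a complete keystore URL")
        if len(set(urls)) != len(urls):
            problems.append(f"{name}: duplicate keystore URL")
        active[name] = urls[0]  # keystore_url_0 is the one currently in use
    return active, problems

# Constructed sample values (placeholder host and IDs, not from a real deployment).
BASE = "https://mgmt.example.test/api/orgs/org-1/keystores/"
GOOD = {"access_token_keystore_urls": [BASE + "ks-new", BASE + "ks-old"],
        "id_token_keystore_urls": [BASE + "ks-id"]}
BAD = {"access_token_keystore_url": [BASE + "ks-new"],  # misspelled property name
       "id_token_keystore_urls": ["http://mgmt.example.test/api/orgs/org-1/keystores/ks-id"],
       "temporary_token_keystore_urls": [BASE + "ks-t", BASE + "ks-t", BASE]}

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, *check_settings(cfg), sep="\n  ")
```

Load the .yaml file with a YAML parser of your choice and pass the resulting mapping to check_settings before uploading the file.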