Configuring API security

You configure security for an API by creating one or more security definitions by using IBM® API Connect that specify various aspects of security configuration. You then select which definitions you want to apply to your API, and to the operations in your API.

About this task

Note: This task relates to configuring an OpenAPI 2.0 API definition. For details on how to configure an OpenAPI 3.0 API definition, see Editing an OpenAPI 3.0 API definition.

By default, the security definitions that you apply to your API are also applied to the operations in the API, but for each API operation you can override the default setting by specifying the types of security definition that you want the operation to inherit from the containing API.

Procedure

You configure API security by completing the following steps:

  1. Create one or more security definitions.
  2. Apply one or more of those security definitions to the API.
  3. Optional: Specify the security definitions that you want each API operation to inherit.

    For details of configuring API security, see the following subtopics: