Enforcing security requirements on an API
To enforce security requirements on an API, you apply previously created security scheme components that define various aspects of API security configuration.
About this task
You can complete this task either by using the IBM API Studio UI application, or by using the browser-based API Manager UI.
For details on how to create and configure security scheme components, see Defining security scheme components.
- You cannot apply more than two API key security schemes to an API.
- If you apply an API key security scheme for client secret, you must also apply an API key security scheme for client ID.
- If you require the application developer to supply both client ID and client secret, you must apply two separate API key security schemes.
- You can have at most one API key scheme of type client ID, regardless of whether the client ID is sent in the request header or as a query parameter.
- You can have at most one API key scheme of type client secret, regardless of whether the client secret is sent in the request header or as a query parameter.
- You cannot apply more than one basic security scheme to an API. If you apply a basic security scheme, you cannot also apply an OAuth security scheme.
- You can apply at most one OAuth security scheme to an API.
A security requirement specifies one or more security scheme components whose conditions must all be satisfied for the API to be called successfully. You can define multiple security requirements; in this case, an application can call your API if it satisfies any of the security requirements you have defined.
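The restrictions listed above and the any/all rule for security requirements can be checked mechanically. The following Python sketch is an added example, not IBM code: it reads an OpenAPI 3 style definition held as a dictionary and checks the schemes referenced by its `security` requirements. The sample definition is constructed, and the `x-key-type` field used to tell a client ID scheme from a client secret scheme is an assumption of this example.

```python
from collections import Counter

def scheme_kind(scheme):
    """Classify an OpenAPI 3 security scheme object."""
    if scheme["type"] == "apiKey":
        return scheme["x-key-type"]      # assumed marker: "client_id" or "client_secret"
    if scheme["type"] == "http" and scheme.get("scheme") == "basic":
        return "basic"
    return scheme["type"]                # for example "oauth2"

def check_restrictions(api):
    """Return the restrictions that the schemes applied to the API violate."""
    schemes = api["components"]["securitySchemes"]
    applied = {name for req in api.get("security", []) for name in req}
    kinds = Counter(scheme_kind(schemes[name]) for name in applied)
    errors = []
    if kinds["client_id"] + kinds["client_secret"] > 2:
        errors.append("more than two API key schemes")
    if kinds["client_id"] > 1:
        errors.append("more than one client ID scheme")
    if kinds["client_secret"] > 1:
        errors.append("more than one client secret scheme")
    if kinds["client_secret"] and not kinds["client_id"]:
        errors.append("client secret scheme without a client ID scheme")
    if kinds["basic"] > 1:
        errors.append("more than one basic scheme")
    if kinds["basic"] and kinds["oauth2"]:
        errors.append("basic and OAuth schemes together")
    if kinds["oauth2"] > 1:
        errors.append("more than one OAuth scheme")
    return errors

def call_allowed(api, satisfied):
    """A call passes if ANY requirement has ALL of its schemes satisfied."""
    return any(all(name in satisfied for name in req) for req in api["security"])

# Constructed sample definitions (scheme names are hypothetical).
SCHEMES = {
    "clientId": {"type": "apiKey", "in": "header", "name": "X-IBM-Client-Id", "x-key-type": "client_id"},
    "clientSecret": {"type": "apiKey", "in": "header", "name": "X-IBM-Client-Secret", "x-key-type": "client_secret"},
    "oauth": {"type": "oauth2", "flows": {}},
    "basic": {"type": "http", "scheme": "basic"},
}
GOOD = {"components": {"securitySchemes": SCHEMES},
        "security": [{"clientId": [], "clientSecret": []}, {"clientId": [], "oauth": []}]}
BAD = {"components": {"securitySchemes": SCHEMES},
       "security": [{"clientSecret": [], "basic": []}, {"oauth": []}]}
```

`GOOD` defines two alternative requirements, so a caller that presents a client ID with either a client secret or an OAuth token is accepted, while a client ID on its own satisfies neither.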
At any time, you can switch directly to the underlying OpenAPI YAML source by clicking the Source icon. To return to the design form, click the Form icon.
Procedure
What to do next
For more information on LDAP and Authentication URL, see LDAP authentication and Authentication URL user registry.