Configuring application authentication for an API

Application authentication settings allow you to protect your API by requiring the calling application to present a certificate. You can select whether the client certificate is presented directly as a TLS client certificate or relayed to the gateway in an HTTP header.

About this task

Note: This task relates to configuring an OpenAPI 3.0 API definition. For details on how to configure an OpenAPI 2.0 API definition, see Editing an OpenAPI 2.0 API definition.

You can complete this task either by using the API Designer UI application, or by using the browser-based API Manager UI.

At any time, you can switch directly to the underlying OpenAPI YAML source by clicking the Source icon. To return to the design form, click the Form icon.

Procedure

  1. Open the API for editing, as described in Editing an OpenAPI 3.0 API definition.
  2. Enable application authentication, as follows:
    Note: The certificate authenticates the application but does not identify it. To identify the application, you must also enable a security requirement of type clientID on the API.
    1. Select the Gateway tab, expand Gateway and portal settings, then click Application Authentication.
    2. Select Certificate.
  3. Specify how the client certificate is sent to the gateway, as follows:
    1. In the navigation pane, click Application Authentication Source.
      Any existing application authentication source definitions are listed.
    2. Alongside Application Authentication Source, click Add.
    3. Select header.

      When the API is called, an X.509 client certificate must be supplied in the specified HTTP header. For any Developer Portal application that calls the API, the application's certificate must be registered in the Developer Portal user interface so that the gateway can match the supplied certificate against it; for details, see Registering an application.

      If you are using a load balancer, you must configure the load balancer to use the specified HTTP header to relay the appropriate client certificate to the Gateway service after the load balancer terminates the TLS communication. Because the gateway treats the certificate in that header as proof of the caller's identity, the load balancer must set the header from the certificate verified in its own TLS handshake and discard any value for that header that the client itself sends, and the Gateway service must accept the header only from the load balancer, not from clients that connect to it directly.

  4. Click Create.
  5. Click Save to save your changes.
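The header-based source from step 3 and the load-balancer requirement, shown as an added Python example; this is not code from the page or from API Connect, and it models the behaviour rather than calling the product. The header name X-Client-Certificate, the nginx-style URL-escaping of the PEM, and the function names are assumptions; the certificate bodies are constructed placeholder bytes in PEM armor rather than real X.509 certificates, so only the relay and matching logic is exercised, and the fingerprint registry stands in for the certificates registered for applications in the Developer Portal.

```python
"""Relay a TLS client certificate to the gateway in an HTTP header, then check it.

Models the 'header' application authentication source: the load balancer
terminates TLS and forwards the peer certificate in a header; the gateway
recovers the certificate and matches it against the one registered for
an application.
"""
import base64
import hashlib
import ssl
from urllib.parse import quote, unquote

# Assumption: the header name configured as the Application Authentication
# Source. Use whatever name is set in your API definition.
CERT_HEADER = "X-Client-Certificate"


def constructed_pem(body: bytes) -> str:
    """Constructed placeholder: PEM armor around arbitrary bytes, not a real X.509 certificate."""
    return (
        "-----BEGIN CERTIFICATE-----\n"
        + base64.encodebytes(body).decode("ascii")
        + "-----END CERTIFICATE-----\n"
    )


APP_CERT_PEM = constructed_pem(b"certificate registered for app-1")
UNKNOWN_CERT_PEM = constructed_pem(b"certificate nobody registered")


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes; raises ValueError on malformed PEM."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


# Stands in for the certificates registered per application in the Developer Portal.
REGISTERED_APPS = {fingerprint(APP_CERT_PEM): "app-1"}


def encode_cert_header(pem: str) -> str:
    """Single-line header value: the PEM with every reserved character URL-escaped
    (the same form nginx exposes as $ssl_client_escaped_cert)."""
    return quote(pem, safe="")


def relay_headers(client_headers: dict, peer_cert_pem):
    """Load balancer after terminating TLS.

    Any copy of the certificate header sent by the client is dropped before
    the header is set from the certificate the TLS handshake actually verified.
    Passing the client's value through would let anyone who holds a registered
    application's (public) certificate impersonate that application.
    """
    forwarded = {k: v for k, v in client_headers.items() if k.lower() != CERT_HEADER.lower()}
    if peer_cert_pem is not None:
        forwarded[CERT_HEADER] = encode_cert_header(peer_cert_pem)
    return forwarded


def authenticate_application(headers: dict):
    """Gateway side: recover the certificate from the header and look up the application.

    Returns the application name, or None if the header is absent, malformed,
    or does not match a registered certificate.
    """
    value = next((v for k, v in headers.items() if k.lower() == CERT_HEADER.lower()), None)
    if value is None:
        return None
    try:
        return REGISTERED_APPS.get(fingerprint(unquote(value)))
    except ValueError:
        return None


if __name__ == "__main__":
    # Legitimate caller: the TLS handshake presented app-1's certificate.
    print(authenticate_application(relay_headers({"Accept": "application/json"}, APP_CERT_PEM)))
    # Caller forges the header through the load balancer without a client certificate: rejected.
    forged = {CERT_HEADER: encode_cert_header(APP_CERT_PEM)}
    print(authenticate_application(relay_headers(forged, None)))
    # The same forged request sent straight to the gateway, bypassing the load balancer,
    # is accepted: this is why the gateway must take this header only from the load balancer.
    print(authenticate_application(forged))
```

The third call in the demo is the case the load-balancer note warns about: with the header source, the gateway never sees the TLS handshake, so possession of an application's public certificate is enough to fill in the header. The relay's stripping of client-supplied values and network restriction of the gateway to the load balancer are what turn the header back into proof of key possession.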