Securing a REST API by using HTTPS
Secure the communications between a REST API and an HTTP client by enabling HTTPS.
You must create a REST API in the IBM® Integration Toolkit, see Creating a REST API.
Before you begin
Secure the communications between a REST API and an HTTP client by enabling HTTPS. You can enable HTTPS just for encryption, or you can also configure a REST API for client authentication (mutual authentication). Because REST APIs always use the integration server HTTP listener for the integration server, you must configure the integration server HTTP listener.
About this task
Note: You cannot use the integration node HTTP listener with REST APIs.
To enable HTTPS for a REST API, complete the following steps:
- Configure the integration server HTTP listener to use SSL. Set up a public key infrastructure (PKI) at integration node level, see Setting up a public key infrastructure.
- In the Application Development view, which is under the REST API project, open the REST API Description for the REST API for which you want to enable HTTPS.
- Under Security Options, select Enable HTTPS in the REST API Description.
- Package and deploy your REST API to an integration server, see Packaging and deploying a REST API.
Your REST API is secured by using HTTPS.
What to do next
You can complete the following optional tasks:
- Secure your REST API by authenticating users with HTTP Basic Authentication, see Securing a REST API by using HTTP Basic Authentication.
- If your REST API is going to be used by client-side code that is running in a web browser, you might have to configure Cross-Origin Resource Sharing, see Permitting web browsers to access a REST API by using Cross-Origin Resource Sharing.