Creating an API protection definition

Edit online

Create API protection definitions to configure the settings that dictate the behavior of how resources are accessed. The configuration settings protect the resources from unauthorized access.

Procedure

  1. Log in to the local management interface.
  2. Click either AAC > Policy > OpenID Connect and API Protection or Federation > Manage > OpenID Connect and API Protection.
  3. Click Definitions, and click Add.
  4. In the Name field, type a unique name for the definition.
    Note: The name must begin with an alphabetic character. Do not use control characters, leading and trailing blanks, and the following special characters ~ ! @ # $ % ^ & * ( )  + | ` = \ ; :  " ' < > ? , [  ] { } / anywhere in the name.
  5. In the Description field, provide a brief description about the definition.
  6. If you want to enforce an access policy, select the policy from the menu for the Access Policy field.
    Note: The menu shows Access Policies that are currently defined. To use an access policy with OpenID Connect and API Protection, you must define the policy prior to running the configuration wizard. See Access policies.
  7. Click Grant Types and select at least one grant type.

    The grant type Authorization code is enabled by default. For information on grant types, see OAuth 2.0 and OIDC workflows.

  8. Click Token Management.

    Specify values for the token properties. For descriptions of each property, see API Protection token management properties.

  9. Click Trusted Clients and Consent and select when you want the user to be prompted to consent to an authorization grant.
  10. If you want to protect an OpenID Connect Provider, click OpenID Connect Provider and select Enable OpenID Connect .

    Specify OpenID Connect Provider settings as needed for your deployment. For descriptions of each property, see API Protection OpenID Connect Provider properties

  11. Click Save.

What to do next