Overview of the API Access Control

IBM Security Access Manager provides many capabilities that can be configured independently to protect a RESTful API.

The following capabilities are included:
  • Junctions
  • Access Control Lists (ACLs)
  • Protected Object Policy (POP)
  • HTTP Transformation Rules
  • Rate Limiting Policy
  • Static Response Headers
  • OAuth Validation

The API Access Control component provides a simple way to configure these capabilities to protect a RESTful API.

The following diagram shows a high-level overview of the flow of a request when API Access Control has been configured.