Configuring Access Token Signature Validation

About this task

By default, the access token signatures of the request payloads sent to Developer Portal are not validated. You can enable the validation by adding a configuration in the dpo_wrapper.config file.

To configure access token signature validation

  1. Go to the location SAGInstallDir/DeveloperPortal/configuration.
  2. Open the dpo_wrapper.conf file to edit the same.
  3. Add the following entry.
    wrapper.java.additional.2150=Dcom.softwareag.portal.umc.token.signature.enabled=true
  4. Save the changes.
  5. Restart Developer Portal for the changes to take effect.

When you enable this configuration, and if the signature part is not included in a request payload then the authentication failed and the 401 Unauthorized status appears for such API calls.