Calling secured APIs
To call an API that is secured with OAuth 2.0 access token, an API key or a JSON Web Token (JWT), you might need to specify security parameters in your z/OS application.
To call an API that is secured with an API key, the API key definition can be provided either in
the OpenAPI file or in the z/OS Connect
Gradle plug-in properties. In either case, the Gradle plug-in generates a request data structure
containing fields in which the API key value can be set by your CICS® application.
For information on OAuth 2.0 support within z/OS Connect, see Calling an API secured with OAuth 2.0.
For information about the OAuth 2.0 parameters that can be set in your application, see OAuth 2.0 parameters.
JSON Web Token (JWT)
If your API requires a JWT for authentication, z/OS Connect can retrieve a JWT from an authentication server or it can generate a JWT locally. If the JWT is retrieved from an authentication server, the user credentials can be provided in your z/OS application, for more information, see JWT parameters. If the JWT is generated locally, the z/OS Connect server must be configured to require authentication of the Host API request.