API requester authorization

Learn how IBM® z/OS® Connect authorizes access to invoke API requesters.

Before you study this topic, you should be familiar with the information in Overview of IBM z/OS Connect security and API requester authentication and identification.

API requester WAR files contain a security constraint that requires the user ID invoking the API requester to be authenticated and authorized to the invoke role. This security constraint is enforced only when the appSecurity-2.0 feature is configured in the IBM z/OS Connect server. The invoke role applies to all operations in an API requester WAR file.

Users and groups can be authorized to the API requester's invoke role either by using SAF EJBROLE profiles or by binding the users or groups to the authorization role in the configuration file.
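
The following check is an added example, not IBM's code: it reads a server configuration file and reports whether the appSecurity-2.0 feature is present and which users and groups are bound to the invoke role of each application. It assumes a single configuration file with no includes, API requester WARs defined with Liberty webApplication elements, and role bindings written as application-bnd/security-role entries; the sample configuration, application names and IDs are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml; application names, IDs and locations are made up.
SAMPLE_SERVER_XML = """
<server description="constructed example">
    <featureManager>
        <feature>appSecurity-2.0</feature>
    </featureManager>
    <webApplication id="inventoryRequester" name="inventoryRequester"
                    location="${server.config.dir}/apps/inventoryRequester.war">
        <application-bnd>
            <security-role name="invoke">
                <user name="APIUSR1"/>
                <group name="APIGRP1"/>
            </security-role>
        </application-bnd>
    </webApplication>
    <webApplication id="ordersRequester" name="ordersRequester"
                    location="${server.config.dir}/apps/ordersRequester.war"/>
</server>
"""

def audit_invoke_role(server_xml: str) -> dict:
    """Report whether the security constraint is enforced and who holds 'invoke'."""
    root = ET.fromstring(server_xml)
    # Only the feature named in this topic is checked.
    features = {f.text.strip().lower() for f in root.iter("feature") if f.text}
    report = {"appSecurityEnabled": "appsecurity-2.0" in features, "apps": {}}
    for app in root.iter("webApplication"):
        name = app.get("name") or app.get("id")
        entry = {"users": [], "groups": [], "specialSubjects": []}
        for role in app.iterfind("application-bnd/security-role"):
            if role.get("name") != "invoke":
                continue  # other roles are outside the scope of this check
            entry["users"] += [u.get("name") for u in role.iterfind("user")]
            entry["groups"] += [g.get("name") for g in role.iterfind("group")]
            entry["specialSubjects"] += [s.get("type") for s in role.iterfind("special-subject")]
        # No binding in the file: access then depends on SAF EJBROLE profiles instead.
        entry["boundInConfig"] = any(entry[k] for k in ("users", "groups", "specialSubjects"))
        report["apps"][name] = entry
    return report

if __name__ == "__main__":
    for key, value in audit_invoke_role(SAMPLE_SERVER_XML).items():
        print(key, value)
```

An application reported with boundInConfig set to False has no invoke binding in the file, so its access must be reviewed in the SAF EJBROLE profiles instead.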