Using API requester to call an API secured with multiple authentication and authorization methods

IBM® z/OS® Connect API requester provides the capability for a CICS, IMS, or z/OS application to call a RESTful API that is secured with multiple authentication or authorization methods.
The supported authentication and authorization methods are client certificate authentication, basic authentication, and access token authentication.
  • To configure z/OS Connect to support client certificate authentication to the RESTful API endpoint, specify the sslCertsRef attribute on the zosconnect_endpointConnection element in server.xml. For more information, see API requester TLS client authentication to a RESTful API endpoint.
  • To configure z/OS Connect to support basic authentication or access token authentication to a RESTful API endpoint, specify one or more values in the authenticationConfigRef attribute on the zosconnect_endpointConnection element in server.xml. See Table 1 for how to use the authenticationConfigRef attribute to combine basic authentication, JWT, and OAuth 2.0.
Table 1. Supported combinations of basic authentication and access token authentication
| Authentication / authorization methods | Elements that can be referenced by the authenticationConfigRef attribute |
| --- | --- |
| Multiple tokens, either obtained from an authentication server by using the generic access token configuration, or a JWT generated locally by z/OS Connect, or both. | zosconnect_authToken, zosconnect_authTokenLocal |
| One access token that is obtained from an authorization server by using the OAuth 2.0 configuration and one or more tokens, either obtained from an authentication server by using the generic access token configuration, or a JWT generated locally by IBM z/OS Connect, or both. | zosconnect_oAuthConfig, zosconnect_authToken, zosconnect_authTokenLocal |
| Basic authentication and one or more tokens, either obtained from an authentication server by using the generic access token configuration, or a JWT generated locally by IBM z/OS Connect, or both. | zosconnect_authData, zosconnect_authToken, zosconnect_authTokenLocal |

User credentials for basic authentication are passed to the API endpoint in the Authorization header, so you must configure an alternative header for each access token to be passed to the API endpoint.
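
The following check is an added example, not IBM code: it reads a server.xml fragment and reports any zosconnect_endpointConnection whose authenticationConfigRef falls outside the combinations in Table 1 or sends two credentials in the same header. It assumes that authenticationConfigRef holds comma-separated element ids and that token elements name their header in a header attribute that defaults to Authorization; the ids, host and header names in the sample are constructed.

```python
import xml.etree.ElementTree as ET

TOKEN = {"zosconnect_authToken", "zosconnect_authTokenLocal"}
EXCLUSIVE = {"zosconnect_oAuthConfig", "zosconnect_authData"}  # never combined in Table 1

# Constructed sample server.xml fragment (ids, host and header names are made up).
SAMPLE = """<server>
  <zosconnect_endpointConnection id="conn1" host="https://api.example.test" port="443"
      authenticationConfigRef="basic1, jwtRemote, jwtLocal"/>
  <zosconnect_authData id="basic1"/>
  <zosconnect_authToken id="jwtRemote" header="X-Remote-Token"/>
  <zosconnect_authTokenLocal id="jwtLocal"/>
</server>"""

def check_endpoint_auth(server_xml):
    """Return a list of findings, one string per problem found."""
    root = ET.fromstring(server_xml)
    by_id = {e.get("id"): e for e in root.iter() if e.get("id")}
    findings = []
    for conn in root.iter("zosconnect_endpointConnection"):
        cid = conn.get("id")
        raw = conn.get("authenticationConfigRef", "")
        refs = [r.strip() for r in raw.split(",") if r.strip()]  # assumed separator
        kinds, headers = [], {}
        for ref in refs:
            elem = by_id.get(ref)
            if elem is None or elem.tag not in TOKEN | EXCLUSIVE:
                findings.append(f"{cid}: '{ref}' is not a supported authentication element")
                continue
            kinds.append(elem.tag)
            if elem.tag == "zosconnect_authData":
                name = "Authorization"  # basic credentials use this header
            elif elem.tag in TOKEN:
                name = elem.get("header", "Authorization")  # assumed attribute and default
            else:
                continue  # header used for the OAuth 2.0 token is not stated on the page
            headers.setdefault(name.lower(), []).append(ref)
        if sum(k in EXCLUSIVE for k in kinds) > 1:
            findings.append(f"{cid}: OAuth 2.0 and basic authentication combined, outside Table 1")
        for name, users in headers.items():
            if len(users) > 1:
                findings.append(f"{cid}: header '{name}' shared by {', '.join(users)}")
    return findings
```

Run against SAMPLE, the check reports that basic1 and jwtLocal both use the Authorization header, which is the collision the alternative-header requirement exists to prevent.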