Using API requester to call an API secured with multiple authentication and authorization methods
IBM® z/OS® Connect API requester provides the capability for a CICS, IMS, or z/OS application to call a RESTful API that is secured with multiple authentication or authorization methods. The supported authentication and authorization methods are client certificate authentication, basic authentication, and access token authentication.
- To configure z/OS Connect to support client certificate authentication to the RESTful API endpoint, specify the sslCertsRef attribute on the zosconnect_endpointConnection element in server.xml. For more information, see API requester TLS client authentication to a RESTful API endpoint.
- To configure z/OS Connect to support basic authentication or access token authentication to a RESTful API endpoint, specify one or more values in the authenticationConfigRef attribute on the zosconnect_endpointConnection element in server.xml. See Table 1 to find out how to use the authenticationConfigRef attribute to combine basic authentication, JWT, and OAuth 2.0.

Authentication / authorization methods | Elements that can be referenced by the authenticationConfigRef attribute |
---|---|
Multiple tokens, either obtained from an authentication server by using the generic access token configuration, or a JWT generated locally by z/OS Connect, or both. | |
One access token that is obtained from an authorization server by using the OAuth 2.0 configuration and one or more tokens, either obtained from an authentication server by using the generic access token configuration, or a JWT generated locally by IBM z/OS Connect, or both. | |
Basic authentication and one or more tokens, either obtained from an authentication server by using the generic access token configuration, or a JWT generated locally by IBM z/OS Connect, or both. | |

User credentials for basic authentication are passed to the API endpoint in the Authorization header, so you must configure an alternative header for each access token to be passed to the API endpoint.
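
The header requirement above can be checked before deployment. The following Python script is an added example, not IBM code: it resolves each authenticationConfigRef in a server.xml and reports connections where two referenced elements would send credentials in the same header, which generalizes the basic-authentication case in the text to any shared header. Assumptions not taken from this page: the reference list is comma-separated, token elements carry a header attribute that defaults to Authorization when absent, and the sample's element names other than zosconnect_endpointConnection and all ids are illustrative.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Assumption: an element without a header attribute sends its credential here.
DEFAULT_HEADER = "Authorization"

# Constructed sample. Only zosconnect_endpointConnection and
# authenticationConfigRef come from the page; the other element names,
# the header attribute and every id are assumptions for illustration.
SAMPLE = """<server>
  <zosconnect_endpointConnection id="okConn"
      authenticationConfigRef="basicCreds, tokenA, tokenB"/>
  <zosconnect_endpointConnection id="badConn"
      authenticationConfigRef="basicCreds, tokenNoHeader"/>
  <zosconnect_authData id="basicCreds"/>
  <zosconnect_authToken id="tokenA" header="X-Token-A"/>
  <zosconnect_authToken id="tokenB" header="X-Token-B"/>
  <zosconnect_authToken id="tokenNoHeader"/>
</server>"""

def check_header_collisions(xml_text):
    """Return {connection id: [problems]} for connections with findings."""
    root = ET.fromstring(xml_text)
    by_id = {el.get("id"): el for el in root.iter() if el.get("id")}
    findings = {}
    for conn in root.iter("zosconnect_endpointConnection"):
        raw = conn.get("authenticationConfigRef", "")
        refs = [r.strip() for r in raw.split(",") if r.strip()]
        headers = defaultdict(list)  # lower-cased header name -> referencing ids
        problems = []
        for ref in refs:
            target = by_id.get(ref)
            if target is None:
                problems.append(f"unresolved reference: {ref}")
                continue
            # HTTP header names are case-insensitive, so compare lower-cased.
            headers[target.get("header", DEFAULT_HEADER).lower()].append(ref)
        for name, users in headers.items():
            if len(users) > 1:
                problems.append(f"header '{name}' shared by: {', '.join(users)}")
        if problems:
            findings[conn.get("id")] = problems
    return findings

if __name__ == "__main__":
    for conn_id, problems in check_header_collisions(SAMPLE).items():
        for problem in problems:
            print(f"{conn_id}: {problem}")
```
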