Defining security scheme components
A security scheme component specifies all the settings for a particular aspect of API security; for example, the user registry that you use to authenticate access to the API.
Note:
- This task relates to configuring an OpenAPI 3.0 API definition. For details on how to configure an OpenAPI 2.0 API definition, see Editing an OpenAPI 2.0 API definition.
- OpenAPI 3.0 APIs are supported only with the DataPower® API Gateway, not with the DataPower Gateway (v5 compatible).
- For details of current OpenAPI 3.0 support limitations, see OpenAPI 3.0 support in IBM® API Connect.
You can complete this task either by using the API Designer UI application, or by using the browser-based API Manager UI.
You can create security definitions of the following types:
| Type | Description |
|---|---|
| Basic authentication | Use a basic authentication security definition to specify a user registry or an authentication URL to be used to authenticate access to the API. |
| API key | Use an API key security definition to specify what application credentials are required to call an API. |
| OAuth2 | Use an OAuth2 security definition to specify settings for OAuth token based authentication for your API. |
| HTTP Bearer | Use an HTTP Bearer definition to specify how to validate the Bearer token that is required to call an API. |