IBM Support

Restrict access to API operations using plans for a group of consumers

How To


Summary

This article describes how to restrict access to only certain API operations for a given group of consumers by creating a plan for them and having them subscribe to that plan only.

Often there is a requirement to allow read-only access to one or more APIs for a certain group of consumers. If your backend services follow leading REST practices, you can achieve this by creating a plan that allows access only to the GET HTTP method of the APIs, and by allowing only that group of consumers to subscribe to the plan.

The GET method is used only to query information and should not be used to update a backend resource. Generally, the POST, PUT, and DELETE methods are used to update backend resources. In this scenario, if you want to allow access to only GET methods and restrict access to the other operations (that is, POST, PUT, DELETE) for a specific group of consumers, you can create a new plan for them and have them subscribe to that plan only.
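The following is an added example, not code from this article or from IBM API Connect. It shows one way to derive the GET-only operation list for a read-only plan from an API's OpenAPI definition and to audit a plan's operation list against it. The sample "orders" API and the (METHOD, path) list used to represent a plan's operations are assumptions made for illustration.

```python
# Added example: derive and audit the operation list for a read-only plan.
# Operation keys allowed in an OpenAPI path item.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed OpenAPI fragment (hypothetical "orders" API, not from the article).
SAMPLE_API = {
    "paths": {
        "/orders": {
            "parameters": [],  # path-level key, not an operation
            "get": {"operationId": "listOrders"},
            "post": {"operationId": "createOrder"},
        },
        "/orders/{id}": {
            "get": {"operationId": "getOrder"},
            "put": {"operationId": "replaceOrder"},
            "delete": {"operationId": "deleteOrder"},
        },
    }
}


def operations(api):
    """Yield (METHOD, path) for every operation in an OpenAPI 'paths' object."""
    for path, item in api.get("paths", {}).items():
        for key in item:
            if key.lower() in HTTP_METHODS:
                yield key.upper(), path


def read_only_operations(api):
    """Operations a read-only plan should expose: GET only."""
    return sorted(op for op in operations(api) if op[0] == "GET")


def audit_plan(plan_ops, api):
    """Return a list of problems found in a plan's operation list.

    plan_ops is a hypothetical list of (METHOD, path) pairs exported from the plan.
    """
    known = set(operations(api))
    problems = []
    for method, path in plan_ops:
        method = method.upper()
        if method != "GET":
            problems.append(f"{method} {path}: not a GET operation")
        elif (method, path) not in known:
            problems.append(f"{method} {path}: not defined in the API")
    return problems
```

An empty result from audit_plan means every operation in the plan is a GET that the API actually defines. It does not confirm that the backend treats GET as side-effect free, which still depends on the backend following REST practices.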

Document Location

Worldwide



Document Information

Modified date:
25 November 2019

UID

ibm11111119