Hi Community,

I am using webMethods API Gateway 10.15 for my services. I have implemented a Basic Authentication policy where the credential validation is delegated to the Integration Server (IS).

When a client authenticates, the framework correctly makes a POST request to the /authenticate endpoint on the IS. The IS then provides a successful JSON response, similar to this:

<response-element class="" ng-version="0.0.0-PLACEHOLDER"></response-element>

{
  "status": "Authenticated",
  "accessProfiles": ["Default", "api-test"],
  "user": "test",
  "type": "",
  "expires": "60"
}

<response-element class="" ng-version="0.0.0-PLACEHOLDER"></response-element>

I have traced this process on the Integration Server and can see that it's handled by the apigateway.authenticate:_post service, which subsequently calls apigateway.authenticate:handlePost.

My Goal

My goal is to configure the value of the expires field in this JSON response. The default value is 60 (seconds), but for my use case, I need to set a different token lifetime.

My Question

Where can I find the configuration setting to control this expires value?

I have looked through the API Gateway UI settings and common configuration files but haven't found a clear parameter for this specific token lifetime. Is this value set via an extended setting, a parameter in a specific configuration file on the IS, or is the recommended approach to create a custom authentication service to override the default behavior?

Environment Summary

• Product: webMethods API Gateway Advanced (Licensed)

• Version: 10.15.0.22.731

• Authentication Method: Basic Auth delegated to Integration Server

Any guidance on where to find this setting would be greatly appreciated.

Thank you!