What options does APIC offer to authenticate itself to the back end service provide an API would be calling?

For example, if the back end service provider requires an ID and password to be presented, where in APIC  would this credential be securely held so that during run time an API could grab it and supply it on the connection attempt to the back end?

APIC v5

Hello

There are multiple options to this from my PoV:
- make a invoke from APIC to an authorization server that would provides back the credentials that you could use in the assembly to call your backend
- use properties that would be set on the openapi definition (in a devops, this would be injected at deployment time) or at the catalog level
- If you have the ability to extend the gateway, you might be able to define a password alias and use it within the assembly.

------------------------------
Pierre Richelle
IBM Hybrid Cloud Integration Specialists
IBM
bruxelles
0474681892
------------------------------

Original Message:
Sent: Fri May 01, 2020 07:00 PM
From: Peter Potkay
Subject: APIC options for Authentication to back end service providers

What options does APIC offer to authenticate itself to the back end service provide an API would be calling?

For example, if the back end service provider requires an ID and password to be presented, where in APIC  would this credential be securely held so that during run time an API could grab it and supply it on the connection attempt to the back end?

APIC v5


------------------------------
Peter Potkay
------------------------------

if the backend is secured by oauth token, can APIC cache the toke for re-use?  otherwise, it's a waste by just using the token one time.

------------------------------
charles ding
------------------------------

Original Message:
Sent: Tue May 05, 2020 02:53 AM
From: Pierre Richelle
Subject: APIC options for Authentication to back end service providers

Hello

There are multiple options to this from my PoV:
- make a invoke from APIC to an authorization server that would provides back the credentials that you could use in the assembly to call your backend
- use properties that would be set on the openapi definition (in a devops, this would be injected at deployment time) or at the catalog level
- If you have the ability to extend the gateway, you might be able to define a password alias and use it within the assembly.

------------------------------
Pierre Richelle
IBM Hybrid Cloud Integration Specialists
IBM
bruxelles
0474681892

Original Message:
Sent: Fri May 01, 2020 07:00 PM
From: Peter Potkay
Subject: APIC options for Authentication to back end service providers

What options does APIC offer to authenticate itself to the back end service provide an API would be calling?

For example, if the back end service provider requires an ID and password to be presented, where in APIC  would this credential be securely held so that during run time an API could grab it and supply it on the connection attempt to the back end?

APIC v5


------------------------------
Peter Potkay
------------------------------