API Connect

Security API with OAuth, Message signing and MTLS on APIconnect

  • 1.  Security API with OAuth, Message signing and MTLS on APIconnect

    Posted Tue September 27, 2022 05:44 PM
    I have a scenario that I need help with:
    • We have API Connect deployed together with a DMZ DataPower gateway.
    • Message signing is required for both internal consumption (for those APIs on the Internal catalog) and external consumption (for those APIs on the External catalog).
    • For external API security, OAuth authentication and message signing are expected.
    • We need to configure TLS mutual authentication to secure API calls made to the gateway services.

    What is the best way to achieve Message signing, TLS mutual authentication and use of native OAuth in such a design?

    Emmanuel




  • 2.  RE: Security API with OAuth, Message signing and MTLS on APIconnect

    Posted Wed October 26, 2022 05:35 AM
    Hi Emmanuel,

    You can fulfill this requirement step by step.

    First, you can configure the native OAuth provider; there you have to decide which flow you want to configure. Please follow the URL below.
    https://developer.ibm.com/tutorials/securing-apis-oauth2-api-connect/
    Second, TLS mutual authentication can be achieved by enabling the "Life cycle" option Application Authentication, then uploading the certificate in the Portal.
    Third, message signing can be achieved by writing a Gateway-Script/XSLT only; for this, certificates are also required to do signing and verification.

    ------------------------------
    kandula nagababu
    ------------------------------
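
The signing and verification step mentioned in the reply above, sketched as an added example that is not part of the original post or IBM's code. It uses Node.js's crypto module rather than DataPower's GatewayScript crypto API, and the signing-string layout, freshness window, sample request and function names are assumptions made for illustration.

```javascript
// Added illustration: plain Node.js crypto, not the DataPower GatewayScript API.
const nodeCrypto = require('crypto');

// Constructed key pair. On a gateway the signing key and the partner's
// certificate would come from configured crypto objects instead.
const { publicKey, privateKey } =
  nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const MAX_SKEW_MS = 5 * 60 * 1000; // assumed freshness window (5 minutes)

// Assumed signing string: method, path, timestamp and a SHA-256 body digest,
// so the signature is bound to the route and to the time of sending.
function signingString(method, path, timestamp, body) {
  const digest = nodeCrypto.createHash('sha256').update(body).digest('base64');
  return [method.toUpperCase(), path, String(timestamp), digest].join('\n');
}

// Sender side: returns the values that travel as headers beside the body.
function signMessage(method, path, body, now = Date.now()) {
  const timestamp = String(now);
  const data = Buffer.from(signingString(method, path, timestamp, body));
  const signature = nodeCrypto.sign('sha256', data, privateKey).toString('base64');
  return { timestamp, signature };
}

// Receiver side: reject old messages first, then check the signature.
function verifyMessage(method, path, body, headers, now = Date.now()) {
  const ts = Number(headers.timestamp);
  if (!Number.isFinite(ts) || Math.abs(now - ts) > MAX_SKEW_MS) return 'stale';
  const sig = Buffer.from(String(headers.signature || ''), 'base64');
  const data = Buffer.from(signingString(method, path, headers.timestamp, body));
  return nodeCrypto.verify('sha256', data, publicKey, sig) ? 'ok' : 'bad-signature';
}

// Constructed sample request.
const sampleBody = JSON.stringify({ account: '12345', amount: 100 });
const sampleHeaders = signMessage('POST', '/payments', sampleBody);
console.log(verifyMessage('POST', '/payments', sampleBody, sampleHeaders));
console.log(verifyMessage('POST', '/payments',
  sampleBody.replace('100', '900'), sampleHeaders)); // altered body
```

Because the path and timestamp are part of the signed string, a captured signature cannot be reused on another route or after the freshness window has passed.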