Hi Emmanuel,
You can fulfill this requirement step by step.
First, you can configure the native OAuth provider; there you have to decide which flow you want to configure. For this, please follow the URL below.
https://developer.ibm.com/tutorials/securing-apis-oauth2-api-connect/
Second, TLS mutual authentication can be achieved by enabling the "Life cycle" option Application Authentication, then uploading the certificate in the Portal.
Third, message signing can be achieved by writing a Gateway-Script/XSLT only; for this, certificates are also required to do signing and verification.
------------------------------
kandula nagababu
------------------------------
Original Message:
Sent: Tue September 27, 2022 05:44 PM
From: Emmanuel Serunjogi
Subject: Security API with OAuth, Message signing and MTLS on APIconnect
I have a scenario for which I need help:
- We have API Connect deployed together with a DMZ DataPower gateway
- Message signing is required for both internal consumption (for those APIs in the Internal catalog) and external consumption (for those APIs in the External catalog).
- For external API security, OAuth authentication and message signing are expected
- We need to configure TLS mutual authentication to secure API calls made to those gateway services
What is the best way to achieve message signing, TLS mutual authentication and use of native OAuth in such a design?
Emmanuel
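
The message-signing step in the reply above, sketched as an added example that is not part of the thread and is not DataPower GatewayScript: plain Node.js showing what a sign/verify policy has to bind together (method, path, timestamp, body digest). The function names, the 5-minute window and the in-memory RSA key pair are assumptions; in the design discussed, the keys would come from the certificates the reply mentions.

```javascript
// Added illustration in plain Node.js; all names here are hypothetical.
const crypto = require('crypto');

// Constructed demo key pair. In practice the signer holds the private key and
// the verifier holds the signer's certificate (public key).
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const MAX_SKEW_MS = 5 * 60 * 1000; // assumed replay window

// Bind method, path, timestamp and a body digest into one string to sign,
// so none of them can be changed without invalidating the signature.
function signingInput(method, path, timestamp, body) {
  const digest = crypto.createHash('sha256').update(body).digest('base64');
  return [method.toUpperCase(), path, timestamp, digest].join('\n');
}

function signRequest(req, key) {
  const timestamp = String(req.timestamp ?? Date.now());
  const input = signingInput(req.method, req.path, timestamp, req.body);
  const signature = crypto.sign('sha256', Buffer.from(input), key).toString('base64');
  return { ...req, timestamp, signature };
}

function verifyRequest(req, key, now = Date.now()) {
  if (typeof req.signature !== 'string') return { ok: false, reason: 'missing signature' };
  const ts = Number(req.timestamp);
  // Reject old or future-dated messages before doing any signature work.
  if (!Number.isFinite(ts) || Math.abs(now - ts) > MAX_SKEW_MS) {
    return { ok: false, reason: 'stale timestamp' };
  }
  const input = signingInput(req.method, req.path, String(req.timestamp), req.body);
  const sig = Buffer.from(req.signature, 'base64');
  const valid = crypto.verify('sha256', Buffer.from(input), key, sig);
  return valid ? { ok: true } : { ok: false, reason: 'bad signature' };
}

// Constructed sample request: verify it as sent, then with a tampered body.
const sample = { method: 'post', path: '/payments/v1/transfer', body: '{"amount":100}' };
const signed = signRequest(sample, privateKey);
console.log(verifyRequest(signed, publicKey));
console.log(verifyRequest({ ...signed, body: '{"amount":9000}' }, publicKey));
```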