Reputation: 73
Blue APIConnect OAuth 2.0 using External Token provider
I have a existing application built in ASP.NET. This application has REST APIs. We are wanting to expose these APIs via API connect platform. Now, since our APIs are already authenticated, if we use IBM API connect, then how will end user authenticate to our API and API consumer authenticate via IBM Developer portal?
Lets say our API clientA logs into our developer portal, creates an app and then subscribes to our API. Now when end users try to access our API "VIA ClientA", we need to authenticate the request.
I tried to follow this tutorial http://www.ibm.com/support/knowledgecenter/SSFS6T/com.ibm.apic.toolkit.doc/task_apionprem_redirect_form_.html But it does NOT get redirected to our external URL.
Please help!
Upvotes: 0
Views: 663
Answers (1)
Reputation: 11
The API gateway (part of API Connect) establishes and enforces authentication between the API end-user/subscriber and your outbound API service running on API Connect. The gateway acts as a service proxy to authenticate potentially many subscribers to a particular API plan (made up of one or several APIs), using API keys that are generated as new subscribers onboard to that plan. The management and enforcement of those API keys is accomplished entirely within API Connect. Nothing is required on your part, except the initial setup parameters for each API.
For that same API, the back-end authentication between API Connect and your existing REST API endpoint is different: it is the same for all end-user subscribers. Every time an end user calls an API they have previously subscribed to, they must first authenticate to API Connect using their unique key (since their usage must be tracked, billed and possibly limited). Once authenticated to the API gateway, all subscribers invoking usage instances for this API will be authenticated to the same API endpoint using the same authentication scheme and credentials as created when setting up the API.
Their are several choices of back-end authentication schemes when using external API endpoints. See this tutorial for more information and links to further resources:
Upvotes: 1
Related Questions
- IBM API Connect - Cannot pass the meaningful message from response of Authentication URL to oAuth/token Client
- API Connect on IBM Cloud: error when trying to expose an local API through API connect on cloud
- HTTP 500 Internal Server Error using all APIs on Bluemix Apiconnect
- How to Create Bluemix Secure Gateway from rest api
- Is there an API for Bluemix API Connect Service?
- IBM API Connect - Sign in failed
- How to expose API Connect API in Bluemix Catalog
- API Connect on Bluemix Developer Access
- Bluemix API Management, secure the API implementation
- Is oauth a reserved word in Bluemix API management?