Parameter | Description |
Condition | Specifies the condition operator for the authorization types selected. Select any of the following condition operators: AND. Applies all the identification types selected. OR. Applies one of the identification types selected. |
Allow anonymous | Specifies whether to allow all users to access the API without restriction. |
Identification Type. Specifies the identification type. You can select any of the following. | |
API Key | Specifies using the API key to identify and validate the client's API key to verify the client's identity in the registered list of applications for the specified API. |
Hostname Address | Specifies using host name address to identify the client, extract the client's hostname from the HTTP request header and verify the client's identity in the specified list of applications in API Gateway. Select one of the Application Lookup condition: Registered applications. Tries to verify the client's hostname against a list of registered applications for the specified API. Global applications. Tries to verify the client's hostname against a list of all global applications available in API Gateway. Note: If JMS is selected as the entry protocol policy, extract the client's hostname from the X-Forwarded-For JMS message property. |
HTTP Basic Authentication | Specifies using Authorization Header in the request to identify and authorize the client application against the list of applications with the identifier username in API Gateway. Provide the following information: Select one of the Application Lookup condition: Registered applications. Tries to verify the client's credentials against the list of registered applications for the specified API. Global applications. Tries to verify the client's credentials against a list of all global applications available in API Gateway. Do not identify. Checks for the existence of the criterion but does not validate if the specified value is a valid application and forwards the request to the native API. For example, HTTP Basic Authentication is checked by the HTTP transport level property Authorization: Basic Base64encodesusernamepassword |
IP Address Range | Specifies using the IP address range to identify the client, extract the client's IP address from the HTTP request header, and verify the client's identity against the specified list of applications in API Gateway. Select one of the Application Lookup condition: Registered applications. Tries to verify the client's credentials against a list of registered applications for the specified API. Global applications. Tries to verify the client's credentials against a list of all global applications available in API Gateway. Note: If JMS is selected as the entry protocol policy, extract the client's IP address from the X-Forwarded-For JMS message property. |
JWT | Specifies using the JSON Web Token (JWT) to identify the client, extract the claims from the JWT and validate the client's claims, and verify the client's identity against the specified list of applications in API Gateway. Select one of the Application Lookup condition: Registered applications. Tries to verify the JWT against a list of registered applications for the specified API. Global applications. Tries to verify the JWT against a list of all global applications available in API Gateway. |
Kerberos Token | Specifies using the Kerberos token to identify the client, extract the client's credentials from the Kerberos token, and verify the client's identity against the specified list of applications in API Gateway. Select one of the Application Lookup condition: Registered applications. Tries to verify the Kerberos token against a list of registered applications for the specified API. Global applications. Tries to verify the Kerberos token against a list of all global applications available in API Gateway. |
OAuth2 Token | Specifies using the OAuth2 token to identify the client, extract the client's credentials from the HTTP request header, and verify the client's identity against the specified list of applications in API Gateway. |
OpenID Connect | Specifies using the OpenID (ID) token to identify the client, extract the client's credentials from the ID token, and verify the client's identity against the specified list of applications in API Gateway. Select one of the Application Lookup condition: Registered applications. Tries to verify the ID token against a list of registered applications for the specified API. Global applications. Tries to verify the ID token against a list of all global applications available in API Gateway. |
SSL Certificate | Specifies using the SSL certificate to identify the client, extract the client's identity certificate, and verify the client's identity (certificate-based authentication) against the specified list of applications in API Gateway. The client certificate that is used to identify the client is supplied by the client to API Gateway during the SSL handshake over the transport layer. Select one of the Application Lookup condition: Registered applications. Tries to verify the client certificate against a list of registered applications for the specified API. Global applications. Tries to verify the client certificate against a list of all global applications available in API Gateway. |
WS Security Username Token | This is applicable only for SOAP APIs. Specifies using the WS security username token to identify the application, extract the client's credentials (username token and password) from the WSSecurity SOAP message header, and verify the client's identity against the specified list of applications in API Gateway. Select one of the Application Lookup condition: Registered applications. Tries to verify the client's WSS username token against a list of registered applications for the specified API. Global applications. Tries to verify the client's WSS username token against a list of all global applications available in API Gateway. |
WS Security X.509 Certificate | This is applicable only for SOAP APIs. Specifies using the WS security X.509 certificate to identify the client, extract the client identity certificate from the WS-Security SOAP message header, and verify the client's identity against the specified list of applications inAPI Gateway. Select one of the Application Lookup condition: Registered applications. Tries to verify the client's X.509 certificate against a list of registered applications for the specified API. Global applications. Tries to verify the client's X.509 certificate against a list of all global applications available in API Gateway. |
Payload Element | Specifies using the payload identifier to identify the client, extract the custom authentication credentials supplied in the request represented using the payload identifier, and verify the client's identity against the specified list of applications in API Gateway. Select one of the Application Lookup condition: Registered applications. Tries to verify the client's OAuth access token against a list of registered applications for the specified API. Global applications. Tries to verify the client's identify credentials against a list of all global applications available in API Gateway. In the Payload identifier section, click Add payload identifier, provide the following information, and click Add. Expression type: Specifies the type of expression, which is used for identification. You can select one the following expression type: XPath. Provide the following information: Payload Expression. Specifies the payload expression that the specified expression type in the request has to be converted to. For example: /name/id Namespace Prefix. The namespace prefix of the payload expression to be validated. Namespace URI. The namespace URI of the payload expression to be validated. Note: You can add multiple namespace prefix and URI by clicking . JSONPath. Provide the JSONPath for the payload identification. For example, $.name.id Text. Provide the regular expression for the payload identification. For example, any valid regular expression. You can add multiple payload identifiers as required. Note: Only one payload identifier of each type is allowed. For example, you can add a maximum of three payload identifiers, each being of a different type. |