How Does Mediator Evaluate Consumers at Run Time?
After you (the API consumer) have successfully registered as a consumer for a particular API, you must pass your API key or OAuth2 access token in your HTTP request header in order to call the API.
* If you use an API key to call the API, the client must pass the API key in the HTTP request header or as a query string parameter. The use of this key establishes the client's identity and authentication.
* If you use an OAuth2 access token to call the API, the client must pass the OAuth2 access token as an integral part of the HTTP request header. An OAuth2 token is a unique token that a client uses to invoke APIs using the OAuth 2.0 protocol. The token contains an identifier that uniquely identifies the client. The use of a token establishes the client's identity and is used for both authentication and authorization.
In addition, the API provider can include run-time security actions in the run-time governance rules for APIs. Security actions can validate clients' request and response messages (through WSS X.509 certificates, WSS username tokens, and so on) or identify clients (through IP address or hostname). To enforce client validation, Mediator maintains a list of consumer applications specified in CentraSite that are authorized to access the API published to Mediator. For more information about run-time governance rules, see Run-Time Governance Reference.
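The evaluation order described above can be modeled as follows. This is an added example, not Software AG or Mediator code: the header name, query parameter name, consumer registry, and token store are all hypothetical, and the choice to reject a request that presents an invalid credential rather than fall back to IP identification is this example's own.

```python
import hmac
from dataclasses import dataclass

API_KEY_HEADER = "x-example-api-key"  # hypothetical name, not Mediator's header
API_KEY_PARAM = "apikey"              # hypothetical query string parameter

@dataclass
class ConsumerApp:
    name: str
    api_keys: tuple = ()
    token_client_ids: tuple = ()  # client identifiers carried by OAuth2 tokens
    ip_addresses: tuple = ()

# Constructed sample: consumer applications authorized for each API.
AUTHORIZED = {
    "orders-api": [
        ConsumerApp("mobile-app", api_keys=("k-3f9a-constructed",)),
        ConsumerApp("partner-portal", token_client_ids=("client-42",)),
        ConsumerApp("batch-job", ip_addresses=("10.0.5.17",)),
    ],
}
# Constructed token store: access token -> client identifier it resolves to.
TOKENS = {"tok-abc-constructed": "client-42"}

def _match(candidate, known):
    # Compare in constant time so response timing does not leak key prefixes.
    return any(hmac.compare_digest(candidate.encode(), k.encode()) for k in known)

def identify_consumer(api, headers, query, source_ip):
    """Return the authorized consumer application's name, or None."""
    headers = {k.lower(): v for k, v in headers.items()}
    apps = AUTHORIZED.get(api, [])
    # 1. API key: accepted from the request header or the query string.
    key = headers.get(API_KEY_HEADER) or query.get(API_KEY_PARAM)
    if key:
        return next((a.name for a in apps if _match(key, a.api_keys)), None)
    # 2. OAuth2 access token: request header only.
    auth = headers.get("authorization", "")
    if auth.lower().startswith("bearer "):
        client_id = TOKENS.get(auth[7:].strip())
        if client_id is None:
            return None
        return next((a.name for a in apps if client_id in a.token_client_ids), None)
    # 3. No credential presented: identify the client by IP address.
    return next((a.name for a in apps if source_ip in a.ip_addresses), None)
```

A key sent as a query string parameter is typically recorded in proxy and server access logs, so prefer the header form where the client allows it.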
Copyright © 2005-2016 Software AG, Darmstadt, Germany.
