Using Your API Keys for Consumption
RESTful APIs are often exposed over the open Internet for consumption. API providers need a mechanism to prevent unauthorized access to the API. One approach is to provision consumers with API keys. Those keys can be used as authentication tokens.
CentraSite API Management Solutions automatically generates API keys when consumers request to consume APIs. The API providers can view, approve and set expiration for API keys. This ensures that no consumer can access a protected API without a valid key.
API keys are verified at runtime to ensure that:
The API key presented is valid and has not expired.
The API key presented is approved to consume an API that includes the URI in the request.
Note: | Throughout this section, the term Virtual Alias is also referred to as API or simply API. The name can be used interchangeably. |
This section provides information about consuming APIs that are published in webMethods Mediator. If you are using a different kind of PEP, refer to its documentation for publishing procedures and information.