API authentication protects an API from unidentified or anonymous access. It ensures that the API is secured and accessible only to consumers who prove their identity and whose identities are found within the API Management Platform.

WSO2 API Manager offers the following authentication mechanisms to secure your API from unauthenticated access.

WSO2 API Manager allows you to enable multiple Key Managers for authentication.

  • The tenant admin can configure preferred Key Managers via the Admin Portal console. For more information, see Configuring Key Managers.

  • In the Publisher, the enabled Key Managers can be disabled for a given API by navigating to Runtime Configurations -> Application Level Security -> Key Managers.


  • Application users can generate keys for an application using a preferred Key Manager.