

Overview

API authentication is a way of protecting API access from unidentified or anonymous access. It ensures that the API is secured and accessible only by the consumers who prove their identity and whose identities are found within the API Management Platform.

WSO2 API Manager offers the following authentication mechanisms to secure your API from unauthenticated access.

• Securing APIs using OAuth2 Access Tokens

  • JWT (Self Contained) Access Tokens

• Secure APIs Using API Keys

• Secure APIs Using Mutual SSL

• Secure APIs Using Basic Authentication

WSO2 API Manager allows you to enable multiple Key Managers for authentication.

• The tenant admin can configure preferred Key Managers via the Admin Portal console. For more information, see Configuring Key Managers.

• The enabled Key Managers can be disabled for a given API via the Publisher by navigating to Runtime Configurations -> Application Level Security -> Key Managers

  

• Application users can generate keys for an application using a preferred Key Manager as shown below.

  

Top