API authentication is a way of protecting API access from unidentified or anonymous access. It ensures that the API is secured and accessible only by the consumers who proves their identity and whose identities are found within the API Management Platform.

WSO2 API Manager offers the following authentication mechanisms to secure your API from unauthenticated access.

WSO2 API Manager allows you to enable multiple Key Managers for authentication.

  • The tenant admin can configure preferred Key Managers via the Admin Portal console. For more information, see Configuring Key Managers.

  • The enabled Key Managers can be disabled for a given API via the Publisher by navigating to Develop -> API Configurations -> Runtime -> Application Level Security -> Key Manager Configuration

    Disable Key Managers

  • Application users are able to generate keys for an application using a preferred Key Manager as shown below.

    Disable Key Managers