

API Authentication

Choreo Connect provides the ability to secure APIs in API level and resource levels. The following section would concisely guide you through the available security options in Choreo Connect. API security can be divided into two main categories; namely, Application-level security and Transport-level security.

By default, APIs are secured with application security. However, if you want to disable security for the API or only for a specific resource, see Disabling Security.

Application Security

Application security can be provided in the API and resource levels. The following are the API authentication types granted by Choreo Connect.

• OAuth 2.0 Authentication

• Publisher Internal Key Authentication

• API Key Authentication

• Enforcer Test Key Authentication

Once authenticated, end-user attributes can be passed to the backend by enabling Backend JWT Generation.

Top