API security policy


Set up authorization for your proprietary REST APIs or backend services through Strivacity.

The new API security policy feature allows you to easily expose your REST APIs' endpoints and custom scopes to Strivacity's API Controller service.

Strivacity's API Controller built on the industry best-practice OAUTH2 standard will take care of everything else happening under the hood:

Strivacity's API Controller will

  • generate and provide access tokens for use against your REST APIs
  • allow access to the scopes defined in the API Security policy
  • allow your proprietary REST APIs to validate access tokens
Client credentials flow

Client credentials flow

We've implemented the Client Credentials flow for communication between our API Controller service and your REST APIs.



The Client ID and Secret required for service-to-service communication are provided by the application the API security policy is assigned to.