API security policy
Overview
Set up authorization for your proprietary REST APIs or backend services through Strivacity.
The new API security policy feature allows you to easily expose your REST APIs' endpoints and custom scopes to Strivacity Fusion's API Controller service.
Strivacity Fusion's API Controller built on the industry best-practice OAUTH2 standard will take care of everything else happening under the hood:
Strivacity Fusion's API Controller will
- generate and provide access tokens for use against your REST APIs
- allow access to the scopes defined in the API Security policy
- allow your proprietary REST APIs to validate access tokens

Client credentials flow
We've implemented the Client Credentials flow for communication between our API Controller service and your REST APIs.
The Client ID and Secret required for service-to-service communication are provided by the application the API security policy is assigned to.
Updated 14 days ago