Create API security policies

Prepare your application

Strivacity provides API authorization using the OAuth 2.0 Client Credentials flow, which starts with an access token request. You can obtain the credentials (Client ID and Secret) needed for the token request from an application:

OAuth2/OIDC configuration

🚧

Disable Interactive login and registration in applications that have API security policies.

Create an API Security policy

1) Go to Policies > API Security Policy and click on +Create API Security Policy to get started.

2) Name your policy, add the audience (mandatory), and add a description (optional) on the General tab.

📘

Audience: the endpoint of your REST API.

API Security configuration page

3) Switch to the Scope tab where you can add your REST API's scopes:

Screen to configure scopes for a REST API security policy

4) Click on Create Scope to fill in a scope.

Save your new scope and repeat the steps until you've added every desired scope.

📘

At this point, your REST API's custom scopes are not added to any application yet. Custom scopes will not be validated against the Strivacity API Controller until you add the scopes to an application.

API security policy configuration with multiple scopes configured

5) Continue to Application Assignment and click on Assign to Application.

6) Assign the application that will provide the Client ID and Secret for the communication between the Strivacity API Controller and your REST API.

7) Select the scopes you want to allow access to.

Application and scope assignment of API security policy

8) Save your changes.

You have successfully created and applied an API security policy to one of your applications.
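The following is an added example, not code from Strivacity's documentation or product, showing the two halves of what the policy above governs: the Client Credentials token request an application sends with its Client ID and Secret, and the checks a REST API performs on the resulting access token before serving a call. It assumes that the policy's audience appears in the token's `aud` claim and the granted scopes in a space-separated `scope` claim (standard OAuth 2.0 / JWT conventions; the exact claim layout Strivacity issues is not stated on this page), and that the API has already verified the token's signature against the issuer. The endpoint, client values and token claims are constructed placeholders.

```python
import base64
import time
from urllib.parse import urlencode

# Constructed placeholders; substitute the values from your Strivacity application.
TOKEN_ENDPOINT = "https://YOUR-TENANT.example/oauth2/token"  # placeholder, not a real endpoint
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"


def build_client_credentials_request(client_id, client_secret, scopes):
    """Return (headers, body) for a Client Credentials grant token request (RFC 6749 section 4.4).

    The client authenticates with HTTP Basic using its Client ID and Secret and asks
    for the custom scopes that the API security policy assigned to it.
    """
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "client_credentials", "scope": " ".join(scopes)})
    return headers, body


def authorize_request(claims, expected_audience, required_scope, now=None):
    """Decide whether an already signature-verified access token may call an endpoint.

    Checks, in order: the token has not expired, it was issued for this API's
    audience (the policy's Audience field), and it carries the scope the endpoint needs.
    Returns (allowed, reason).
    """
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if exp is None or now >= exp:
        return False, "token expired or missing exp"
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if expected_audience not in audiences:
        return False, "audience mismatch"
    granted = set(claims.get("scope", "").split())  # assumption: space-separated scope claim
    if required_scope not in granted:
        return False, f"scope {required_scope!r} not granted"
    return True, "ok"


if __name__ == "__main__":
    headers, body = build_client_credentials_request(CLIENT_ID, CLIENT_SECRET, ["orders.read"])
    print("POST", TOKEN_ENDPOINT, headers, body)
    # Constructed sample claims as the API would see them after signature verification.
    sample_claims = {"aud": "https://api.example.com", "scope": "orders.read", "exp": 2000}
    print(authorize_request(sample_claims, "https://api.example.com", "orders.read", now=1000))
    print(authorize_request(sample_claims, "https://api.example.com", "orders.write", now=1000))
```

The order of the checks matters for the note earlier on this page: a scope that exists in the policy but has not been assigned to the application never appears in the `scope` claim, so the API rejects the call even though the policy defines it.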