Create API security policies
Prepare your application
Strivacity provides API authorization using the Client Credentials flow, which starts with an access token request. You can obtain the credentials (Client ID and Secret) needed for the token request from an application.

Disable Interactive login and registration in applications that have API security policies.
Create an API Security policy
- Go to Policies > API Security Policy and select +Create API Security Policy to get started.
- Name your policy, add the audience (mandatory), and add a description (optional) on the General tab.
  Audience: the endpoint of your REST API.
- Switch to the Scopes tab where you can add your REST API's scopes.

Screen to configure scopes for a REST API security policy
- Select +Create scope to fill in a scope.
Save your new scope and repeat the steps until you've added every desired scope.
At this point, your REST API's custom scopes are not added to any application yet. Custom scopes will not be validated against the Strivacity API Controller until you add the scopes to an application.

API security policy configuration with multiple scopes configured
- Continue to Client assignments and click on +Assign to client.
- Assign the application that will provide the Client ID and Secret for the communication between the Strivacity API Controller and your REST API.
- Select the scopes you want to allow access to:

Application and scope assignment of API security policy
- Save your changes.
You have successfully created and applied an API security policy to one of your applications.
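
The token request that the Client Credentials flow starts with, followed by a check that the scopes requested were actually granted to the client, shown as an added example that is not Strivacity's own code. It follows RFC 6749 generically; the token endpoint URL, client credentials, scope names and sample response are constructed placeholders, not values from this page.

```python
import base64
import json
from urllib.parse import quote_plus, urlencode

# Placeholder (assumption): substitute your instance's token endpoint.
TOKEN_ENDPOINT = "https://idp.example.invalid/oauth2/token"


def build_token_request(client_id, client_secret, scopes):
    """Build (but do not send) an RFC 6749 section 4.4 token request."""
    # Section 2.3.1: form-encode each credential before HTTP Basic encoding.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "client_credentials",
                      "scope": " ".join(scopes)})
    return TOKEN_ENDPOINT, headers, body


def parse_token_response(raw_json):
    """Parse a token response; reject errors and non-bearer tokens."""
    data = json.loads(raw_json)
    if "error" in data:
        raise ValueError(f"token request failed: {data['error']}")
    if not data.get("access_token"):
        raise ValueError("response has no access_token")
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    return data


def missing_scopes(requested, token_response):
    """Return requested scopes that the server did not grant, sorted."""
    # Section 5.1: "scope" may be omitted only if identical to the request.
    granted = token_response.get("scope")
    if granted is None:
        return []
    return sorted(set(requested) - set(granted.split()))


# Constructed sample response: only orders:read is assigned to this client.
SAMPLE_RESPONSE = ('{"access_token": "constructed-token", "token_type": '
                   '"Bearer", "expires_in": 3600, "scope": "orders:read"}')

if __name__ == "__main__":
    wanted = ["orders:read", "orders:write"]  # hypothetical scope names
    print(build_token_request("my-client-id", "constructed secret", wanted)[2])
    print(missing_scopes(wanted, parse_token_response(SAMPLE_RESPONSE)))
```

A non-empty result from `missing_scopes` means the client asked for a scope that was not selected for it in the policy's client assignment.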