Create API security policies

Prepare your application

Strivacity provides API authorization using the Client Credentials flow, which starts with an access token request. You can obtain the credentials (Client ID and Secret) needed for the token request from an application.


Disable Interactive login and registration in applications that have API security policies.

Create an API Security policy

1) Go to API Security Policy and click on +Create API Security Policy to get started.

2) Name your policy, add the audience (mandatory), and add a description (optional) on the General tab.


Audience: the endpoint of your REST API.

3) Switch to the Scope tab, where you can add your REST API's scopes.

4) Click on Create Scope to fill in a scope.

Save your new scope and repeat the steps until you've added every desired scope.

{% hint style="danger" %}
At this point, your REST API's custom scopes are not added to any application yet. Custom scopes will not be validated against the Strivacity API Controller until you add the scopes to an application.
{% endhint %}

5) Continue to Application Assignment and click on Assign to Application.

6) Assign the application that will provide the Client ID and Secret for the communication between the Strivacity API Controller and your REST API.

7) Select the scopes you want to allow access to.

8) Save your changes.

You have successfully created and applied an API security policy to one of your applications.
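
To check the result of the steps above, the following added example (not Strivacity's own code) builds a Client Credentials token request for the assigned application and reports which requested scopes the response did not grant. It assumes the standard request and response shapes from RFC 6749 sections 4.4 and 5.1; the token endpoint URL is a placeholder, and the client ID, secret, scope names and sample response are constructed.

```python
import base64
import json
from urllib.parse import quote_plus, urlencode

# Placeholder: the page does not give the token endpoint URL.
# The headers and body built below would be sent to it as a POST.
TOKEN_ENDPOINT = "https://TENANT.example/TOKEN-ENDPOINT-PLACEHOLDER"

# Constructed sample response: one of the two requested scopes was granted.
SAMPLE_RESPONSE = json.dumps({
    "access_token": "constructed-token-value",
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": "orders:read",
})


def build_token_request(client_id, client_secret, scopes):
    """Return (headers, body) for an RFC 6749 section 4.4 token request."""
    # Section 2.3.1: form-encode the ID and secret before Basic encoding,
    # so a ':' inside the secret cannot be read as the separator.
    creds = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": "client_credentials",
                      "scope": " ".join(scopes)})
    return headers, body


def granted_scopes(response_text, requested):
    """Return the set of scopes the issued token carries."""
    resp = json.loads(response_text)
    if "access_token" not in resp:
        raise ValueError("token request failed: " + resp.get("error", "unknown"))
    # Section 5.1: "scope" may be omitted only when it equals the request.
    raw = resp.get("scope")
    return set(raw.split()) if raw is not None else set(requested)


def missing_scopes(response_text, requested):
    """Requested scopes that were not granted; empty set means all granted."""
    return set(requested) - granted_scopes(response_text, requested)


if __name__ == "__main__":
    wanted = ["orders:read", "orders:write"]  # hypothetical scope names
    print(build_token_request("orders-service", "constructed-secret", wanted)[1])
    print("not granted:", missing_scopes(SAMPLE_RESPONSE, wanted))
```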