Authorizing APIs with different mechanisms in API Manager-WSO2

0
votes

WSO2 APIM by default supports OAuth2 for securing APIs. If I want to secure my APIs with other standard mechanisms such as BASIC or custom authorization mechanism(eg: based on xml body elements values of request), what is the approach I should follow?

In documentation it tells about writing a custom handler link . I guess this handler is invoked at transport level which will apply for all the API requests over that transport ??.

Does APIM supports adding other security(eg:Basic) mechanisms for each API when an API is added by publisher? and if so does that happen inside the ESB proxy service sequence or before it hits the proxy service?

2
wso2wso2-am

2 Answers

1
votes

The API Manager UI supports only OAuth based security, you can modify the synapse configuration of the API to support Basic auth to validate based on HTTP header. Customer authentication can be supported through handler. A reference to the handler has to be included in each API that you want to secure using the custom logic. This can be done by modifying the synapse config of the API.

0
votes

You need write custom authentication handler and set as an handler configuration for that specific API