Adding Authentication and Authorization to API Deployments

You can control access to APIs you deploy to API gateways based on the end user sending a request, and define what it is that they are allowed to do. For the APIs you deploy, you'll typically provide:

  • Authentication functionality to determine the end user's identity. Is the end user really who they claim to be?
  • Authorization functionality to determine appropriate access for an end user, and grant the necessary permissions. What is the end user allowed to do?

You can add authentication and authorization functionality to API gateways to support:

  • HTTP Basic Authentication
  • API Key Authentication
  • OAuth Authentication and Authorization
  • Oracle Identity Cloud Service (IDCS) Authentication

You can add authentication and authorization functionality to an API gateway as follows: