Adding Authentication and Authorization to API Deployments
You can control access to APIs you deploy to API gateways based on the end user sending a request, and define what they are allowed to do. For the APIs you deploy, you'll typically provide:
- Authentication functionality to determine the end user's identity. Is the end user really who they claim to be?
- Authorization functionality to determine appropriate access for an end user, and grant the necessary permissions. What is the end user allowed to do?
You can add authentication and authorization functionality to API gateways to support:
- HTTP Basic Authentication
- API Key Authentication
- OAuth Authentication and Authorization
- Oracle Identity Cloud Service (IDCS) Authentication
You can add authentication and authorization functionality to an API gateway as follows:
- You can have the API gateway pass an access token included in a request to an authorizer function deployed on Oracle Functions to perform validation (see Using Authorizer Functions to Add Authentication and Authorization to API Deployments).
- You can have the API gateway itself validate a JSON Web Token (JWT) included in the request with an identity provider (see Using JSON Web Tokens (JWTs) to Add Authentication and Authorization to API Deployments).
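The following added example (not Oracle's code and not taken from this page) sketches the decision logic an authorizer function could apply to an HTTP Basic token, keeping authentication and authorization as separate steps. The request and response field names (`token`, `active`, `principal`, `scope`, `wwwAuthenticate`), the user store and the scope names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample store: username -> (salt, password hash, granted scopes).
_SALT = b"constructed-salt"
USERS = {
    "alice": (_SALT, _hash("correct horse", _SALT), ["orders:read", "orders:write"]),
    "bob": (_SALT, _hash("battery staple", _SALT), ["orders:read"]),
}
_DUMMY = (_SALT, _hash("dummy", _SALT), [])  # used for unknown users
DENY = {"active": False, "wwwAuthenticate": 'Basic realm="example"'}  # assumed shape

def authorize(request: dict) -> dict:
    """Authentication: is the end user really who they claim to be?"""
    token = request.get("token")
    if not isinstance(token, str):
        return DENY
    scheme, _, encoded = token.partition(" ")
    if scheme.lower() != "basic":
        return DENY
    try:
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return DENY
    user, sep, password = decoded.partition(":")
    if not sep:
        return DENY
    salt, expected, scopes = USERS.get(user, _DUMMY)
    # Hash and compare in constant time even for unknown users (no timing oracle).
    ok = hmac.compare_digest(_hash(password, salt), expected)
    if not (ok and user in USERS):
        return DENY
    return {"active": True, "principal": user, "scope": scopes}

def is_allowed(decision: dict, required_scope: str) -> bool:
    """Authorization: what is the end user allowed to do?"""
    return decision.get("active") is True and required_scope in decision.get("scope", [])
```

Every malformed or failed credential returns the same deny response, so the caller cannot distinguish an unknown user from a wrong password.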