This section provides an overview of the API Key-Based Authentication security policy. This policy enables you to provide secure access to APIs. The resource owner generates an API key for a given client application with the required authorization and then shares the generated API key. The client application is then required to pass the API key with the request for accessing protected resources.
The following steps are performed as part of the API key-based authentication flow.
|1||The resource owner authenticates and generates an API key for the given client application.|
|2||The resource owner shares the generated API key with the client application.|
|3||The client application makes a request for a resource using the API key.|
When you select Configure Security on the Connections page for a REST Adapter, you select API Key Based Authentication.
Description of the illustration rest_adptr_api_key_usg.png
In the API Key Usage field, you specify how the API key is passed with the request for accessing a resource. Enter this information carefully since this usage governs how the provided API key is passed to the endpoint. See Configure Connection Security for Invoke Connections for details.
At runtime, the API key is automatically passed to the endpoint while sending the request.