Overview of the API Access Control
IBM Security Verify Access provides many capabilities which can be configured independently to protect a RESTful API.
The following are capabilities that are included:
- Junctions
- Access Control Lists (ACLs)
- Protected Object Policy (POP)
- HTTP Transformation Rules
- Rate Limiting Policy
- Static Response Headers
- OAuth Validation
The API Access Control component provides a simple way for these various capabilities to be configured in order to protect a RESTful API.
The following diagram shows a high level overview of the flow of a request when the API Access
Control has been configured.![](../images/apiaccess.png)
![](../images/apiaccess.png)