API requester calling an API secured with an API key
An API key is a code that is passed by an application that is calling an API. It is used to establish the identity of the calling application.
Applies to zosConnect-3.0.
The API key can act as both a unique identifier and a secret for authentication, and will typically have a set of access rights on the API associated with it.
To call an API protected by an API key, the z/OS® application must include the API key as an authentication or authorization credential in the request.
Figure 1 shows the API key credentials, provided by the z/OS application, being sent by the Host API to the z/OS Connect Server and then propagated to the API in a query string, a request header, or a request cookie.
The API key credentials that are required are defined by the remote API. Table 1 shows the different API key options and example parameter names.
| Location of credentials | Type of credentials | Parameter name |
|---|---|---|
| Header | Client ID | X-IBM-Client-ID |
| Query | Client ID | client_id |
| Cookie | Client ID | client_id |
API key definitions can be provided by using either an OpenAPI definition or by using the z/OS Connect API requester Gradle plug-in.
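
As an added example (not taken from the z/OS Connect documentation or from IBM code), the following Python script reads an OpenAPI 3 document and reports, for each operation, which of the Table 1 API key credentials the caller must send. The document, scheme names and paths are constructed for illustration; only the standard OpenAPI 3 `securitySchemes` and `security` fields are assumed.

```python
import json

# Constructed sample OpenAPI 3 document (scheme names and paths are hypothetical).
SAMPLE_OPENAPI = json.loads("""
{
  "openapi": "3.0.3",
  "info": {"title": "Constructed sample API", "version": "1.0.0"},
  "security": [{"clientIdHeader": []}],
  "components": {"securitySchemes": {
    "clientIdHeader": {"type": "apiKey", "in": "header", "name": "X-IBM-Client-ID"},
    "clientIdQuery":  {"type": "apiKey", "in": "query",  "name": "client_id"},
    "clientIdCookie": {"type": "apiKey", "in": "cookie", "name": "client_id"},
    "bearer":         {"type": "http",   "scheme": "bearer"}
  }},
  "paths": {
    "/accounts": {"get": {"responses": {"200": {"description": "OK"}}}},
    "/reports": {"get": {"security": [{"clientIdQuery": []}],
                         "responses": {"200": {"description": "OK"}}}},
    "/health": {"get": {"security": [], "responses": {"200": {"description": "OK"}}}}
  }
}
""")

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def api_key_schemes(doc):
    """Map scheme name -> (location, parameter name) for every apiKey scheme."""
    schemes = doc.get("components", {}).get("securitySchemes", {})
    return {n: (s["in"], s["name"]) for n, s in schemes.items() if s.get("type") == "apiKey"}

def required_api_keys(doc):
    """Per operation, list the API key credentials named in its security requirements.
    An operation-level "security" replaces the document-level one; [] means none.
    Alternative requirements (OR) are flattened into one list for reporting."""
    keys = api_key_schemes(doc)
    default = doc.get("security", [])
    result = {}
    for path, item in doc.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level fields such as "parameters"
            reqs = op.get("security", default)
            result[f"{method.upper()} {path}"] = sorted(
                keys[name] for req in reqs for name in req if name in keys)
    return result

if __name__ == "__main__":
    for operation, creds in required_api_keys(SAMPLE_OPENAPI).items():
        print(operation, creds or "no API key required")
```

A key sent in the query string is part of the request URL and can be recorded in access and proxy logs, so the header location is generally the safer choice when the remote API offers one.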