Question & Answer
Question
How do the Client ID and Secret work with API Connect version 2018?
Cause
Further understanding about the storage of the Client ID and Client Secret is needed.
Consider the example:
A user has an API with client ID and secret enabled on the Security of the API
The API is in a product published on a sandbox catalog
On the Developer Portal site for the sandbox catalog, a test application is subscribed to the product.
When creating the Application on the Portal, it has a Client ID and Secret.
Testing the API works successfully by a client using the client ID and secret observed on the Portal
When the client sends a request, how does the gateway verify the client ID and secret?
Answer
In general, the Portal and Gateway do not directly interact.
As shown in the Firewall requirements of the IBM Documentation, the gateway cluster and management cluster communicate and the management cluster and Developer Portal cluster communicate.
As shown in the Firewall requirements of the IBM Documentation, the gateway cluster and management cluster communicate and the management cluster and Developer Portal cluster communicate.
The Management server stores client_id, and client_secret (with the client_secret hashed and protected).
It pushes copies of the client_id and client_secret [hash version] to the Gateway. The Gateways keep this data in either the document cache for version 5 or version 5 compatibility, or its own internal datastore for the api gateway.
When a request is sent from the client to your Gateway:
The application is checked with client_id and client_secret
Related Information
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSMNED","label":"IBM API Connect"},"Component":"","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Was this topic helpful?
Document Information
Modified date:
27 July 2021
UID
ibm10882928