Authorization to specific API Suite
I would like to know if there is a way to provide authorization for specific API suites within the API Gateway. Currently, it seems that an authorized app has access to all available APIs, and I’m interested in limiting access to only certain suites.
Best Answer
-
I think is not possible limited access by suite.
Look the API Gateway documentation maybe help you!
0
Answers
-
Thank you
1 -
Look at Policies under ION API documentation where you can do something but basically security of an API is more a concept that depends on the application itself. When you setup the connection in ION API with your application you can do in several ways (it also depends on what protocols the application supports).
Then let's say that you use an authentication method where you ask for user authentication to release token and ION API bridge the user to your application, then you obtain the "filter" based on user authorization you have set on the target API suite.
When you create *.ionapi files you can use different users for different scopes, bay be user 1 have access to IDM document types A and user 2 only to document types B and V.
When you use IDM API to query for example documents you will see only the documents the user (linked to your ionapi file) could actually see.
2
