Configure Authentication

Authentication (also known as identity management) controls which API users can see and call your APIs. API calls communicate with the API Server using JSON/REST. API users access the REST API using an authentication token. API users access  by way of normal HTTP.  requires authentication tokens for all REST calls except the @authentication resource endpoint (because its purpose is to obtain an authentication token), the @heartbeat, the @license resource endpoint.
lac42
Authentication (also known as identity management) controls which API users can see and call your APIs. API calls communicate with the API Server using JSON/REST. API users access the REST API using an authentication token. API users access 
CA Live API Creator
 by way of normal HTTP. 
CA Live API Creator
requires authentication tokens for all REST calls except the 
@authentication
 resource endpoint (because its purpose is to obtain an authentication token), the 
@heartbeat
, the 
@license
 resource endpoint.
In this article:
3
Authentication Providers
You can control API user access to API endpoints by way of an authentication provider. Authentication providers are pieces of JavaScript code that authenticate API user login credentials (username/password) and return a set of roles.
You can:
  • Use the 
    built-in authentication
     authentication provider.
  • Create a JavaScript or HTTP authentication provider.
Authentication Methods
You can specify an authentication provider for your API that uses 
one
 the following authentication methods:
The Default Auth Provider Authentication Method
The 
Default Auth Provider
authentication method authorizes API users using the authentication mechanism that is built-in to 
CA Live API Creator
. For example, the 
built-in authentication
 authentication provider uses the 
Default Auth Provider
 authentication method.
For more information about how to authenticate API users using the
built-in authentication
authentication provider, see Authenticate API Users using the Built-in Authentication Provider.
The JavaScript Auth Provider Authentication Method
The 
JavaScript Auth Provider
 authentication method authorizes API users using a JavaScript library. Custom authentication providers, including JavaScript authentication providers and Lightweight Directory Access Protocol (LDAP) authentication providers, use this authentication method.
For more information:
The HTTP Auth Provider Authentication Method
The 
HTTP Auth Provider
 authentication method authorizes API users using a 3rd-party authentication provider, such as OAuth, JSON Web Token (JWT), Single Sign-On (SSO). 
CA Live API Creator
 authenticates API users using the code for your authentication provider that you defined. This method does not involve an authentication token.
For more information about how to authenticate API users using an HTTP authentication provider, see Authenticate API Users using an HTTP Authentication Provider.