Configure Authentication
Authentication (also known as identity management) controls which API users can see and call your APIs. API calls communicate with the API Server using JSON/REST. API users access the REST API using an authentication token. API users access by way of normal HTTP. requires authentication tokens for all REST calls except the @authentication resource endpoint (because its purpose is to obtain an authentication token), the @heartbeat, the @license resource endpoint.
lac42
Authentication (also known as identity management) controls which API users can see and call your APIs. API calls communicate with the API Server using JSON/REST. API users access the REST API using an authentication token. API users access
CA Live API Creator
by way of normal HTTP. CA Live API Creator
requires authentication tokens for all REST calls except the @authentication
resource endpoint (because its purpose is to obtain an authentication token), the @heartbeat
, the @license
resource endpoint.In this article:
3
Authentication Providers
You can control API user access to API endpoints by way of an authentication provider. Authentication providers are pieces of JavaScript code that authenticate API user login credentials (username/password) and return a set of roles.
You can:
- Use thebuilt-in authenticationauthentication provider.
- Create a JavaScript or HTTP authentication provider.
Authentication Methods
You can specify an authentication provider for your API that uses
one
the following authentication methods:The Default Auth Provider Authentication Method
The
Default Auth Provider
authentication method authorizes API users using the authentication mechanism that is built-in to CA Live API Creator
. For example, the built-in authentication
authentication provider uses the Default Auth Provider
authentication method.For more information about how to authenticate API users using the
built-in authentication
authentication provider, see Authenticate API Users using the Built-in Authentication Provider.The JavaScript Auth Provider Authentication Method
The
JavaScript Auth Provider
authentication method authorizes API users using a JavaScript library. Custom authentication providers, including JavaScript authentication providers and Lightweight Directory Access Protocol (LDAP) authentication providers, use this authentication method.For more information:
- About how to authentication API users using a JavaScript authentication provider, see Authenticate API Users using a JavaScript Authentication Provider.
- About how to manage API user access to your API using an LDAP authentication provider, see Authenticate API Users using an LDAP Authentication Provider.
The HTTP Auth Provider Authentication Method
The
HTTP Auth Provider
authentication method authorizes API users using a 3rd-party authentication provider, such as OAuth, JSON Web Token (JWT), Single Sign-On (SSO). CA Live API Creator
authenticates API users using the code for your authentication provider that you defined. This method does not involve an authentication token.For more information about how to authenticate API users using an HTTP authentication provider, see Authenticate API Users using an HTTP Authentication Provider.