Add a Security Definition to your API

  1. Create a Security Definition

    • To add OAuth security to your API in the Design editor,

    • Jump to the Security Definitions section from the left menu,

    • Click the Add icon in the Security Definitions section to add a new security definition,

    • Select OAuth,

  • In Introspection URL enter the Custom AppID API endpoint, e.g. `https://api.<api region>.apiconnect.appdomain.cloud/<username>-dev/sb/custom-appid-api/introspect`, or the Node-RED POST /introspect endpoint https://<nodered-app-name>.<nodered-region>.cf.appdomain.cloud/introspect

  • Under Flow select type Application,

  1. Enable Security

    • Jump to the Security section from the left menu,

    • Click the Add icon to add a new security,

    • Check the security option for OAuth that was added,

  • Browse to the Source tab,

  • A security definition should have been added to the Open API Spec source,

securityDefinitions:
  oauth-1:
    type: oauth2
    description: ''
    flow: application
    scopes: {}
    x-tokenIntrospect:
      url: 'https://api.<api region>.apiconnect.appdomain.cloud/<username>-dev/sb/custom-appid-api/introspect'
security:
  - oauth-1: []

  • Or when using the Node-RED Test Server endpoints,

    securityDefinitions:
  oauth-1:
    type: oauth2
    description: ''
    flow: application
    scopes: {}
    x-tokenIntrospect:
      url: 'https://<nodered-app-name>.<nodered-region>.cf.appdomain.cloud/introspect'
security:
  - oauth-1: []

  • From the top right, select the save icon,

  • From the top right drop down menu, select the option Add to existing products, or if you do not have a product yet, select the option Generate a default product,

  • Select the product to add your API draft to,

  • Your API should now be protected by AppID using OAuth OIDC with grant_type=password,

PreviousCreate a Custom AppID API

Last updated