Add a Security Definition to your API

Create a Security Definition
- To add OAuth security to your API in the Design editor,
- Jump to the Security Definitions section from the left menu,
- Click the Add icon in the Security Definitions section to add a new security definition,
- Select OAuth,

In Introspection URL enter the Custom AppID API endpoint, e.g. `https://api.<api region>.apiconnect.appdomain.cloud/<username>-dev/sb/custom-appid-api/introspect`, or the Node-RED POST /introspect endpoint https://<nodered-app-name>.<nodered-region>.cf.appdomain.cloud/introspect
Under Flow select type Application,

Enable Security
- Jump to the Security section from the left menu,
- Click the Add icon to add a new security,
- Check the security option for OAuth that was added,

Browse to the Source tab,
A security definition should have been added to the Open API Spec source,

securityDefinitions:
  oauth-1:
    type: oauth2
    description: ''
    flow: application
    scopes: {}
    x-tokenIntrospect:
      url: 'https://api.<api region>.apiconnect.appdomain.cloud/<username>-dev/sb/custom-appid-api/introspect'
security:
  - oauth-1: []

Or when using the Node-RED Test Server endpoints,

securityDefinitions:
  oauth-1:
    type: oauth2
    description: ''
    flow: application
    scopes: {}
    x-tokenIntrospect:
      url: 'https://<nodered-app-name>.<nodered-region>.cf.appdomain.cloud/introspect'
security:
  - oauth-1: []

From the top right, select the save icon,
From the top right drop down menu, select the option Add to existing products, or if you do not have a product yet, select the option Generate a default product,
Select the product to add your API draft to,
Your API should now be protected by AppID using OAuth OIDC with grant_type=password,

PreviousCreate a Custom AppID API

Last updated 5 years ago