Securing the Inventory API | IBM API Connect PoT

API Developer

Modify the security policy for your new API version to tell it to use your OAuth 2.0 provider.

Apply an OAuth Security Policy

Navigate to the Security Definitions section.

Click the + icon in the Security Definitions section and select OAuth from the menu.

A new security definition is created for you, called oauth-1 (OAuth).
Scroll down to edit the newly created security definition.

Set it to have the following properties:

Name: oauth

Description: Resource Owner Password Grant Type

Flow: Password

Token URL: <Catalog Gateway Endpoint>/oauth2/token

Important:
The Token URL will be based upon the location of your Org and Space running on Bluemix public.

You can find your Gateway Endpoint URL by logging into Bluemix and launching the API Connect service, then navigate into your catalog (the default catalog created is Sandbox).

From there go into Settings, then choose the Gateways option from the side menu palette. Locate the ENDPOINT, simply copy and paste the contents into the Token URL field of your API OAuth settings, then append /oauth2/token.

Tip:
You will need the Gateway Endpoint URL later. Save the Gateway Endpoing URL value to a text editor for easy access.
Click the + icon in the Scopes section to create a new scope. Set the following properties. Note the organization portion of the token URL will be different for each student.

Scope Name: inventory

Description: Access to all inventory resources
Navigate to the Security section and check the oauth (OAuth) checkbox.
Save your changes.
Click on the <- All APis link to return to the draft API list.

Continue

Now you have a new version of the Inventory API that is secured using an OAuth provider. In the next lab, you will use the IBM API Connect Management Server’s lifecycle controls to replace the running version 1.0.0 with the new version 2.0.0.

Proceed to Lab 4 - Use Lifecycle Controls to Version your API.