Basic Authentication using the API Gateway
Basic Authentication allows the Gateway to secure access to published APIs by managing identity verification internally. This approach enables you to restrict access without the requirement of a third-party identity provider.
To secure your published APIs, you must first create an Authentication Source. After the source is established, you configure the security requirements by defining the following within the source:
- Roles: Define sets of users based on specific functions, such as Administrator or General. Roles are used to limit access to specific sets of APIs.
- Groups: Organize users into workable categories (e.g., a Developer group). Groups act as the link between your users and your roles.
- Users: Define the individual identities authorized to call your APIs. Each user is assigned to a group.
Adding a Basic Authentication source
To add a new authentication source:
- Navigate to Configure Server > Authentication and choose +New Authentication Source.
- Enter the following details:
  - Authentication Source Name: Enter a unique name (e.g., BasicAuth).
  - Description: Provide a clear description (e.g., This is the BasicAuth source used in a configured Gateway.).
  - Identity Provider Type: Select Basic Authentication (Gateway).
- Select OK. The page will refresh to show your newly created Authentication Source.
After you configure the authentication source, click Save and Send to Gateway to send the updates to all the Gateways using this authentication source.
If the authentication source is not in use by any API deployed to the Gateway, the Save and Send to Gateway button appears as Save.
You can view the APIs that use a particular Authentication Source by clicking View API Associations, which opens the API Associations panel. The panel lists all the deployments for the Authentication Source.
Proceed to set up Roles, Groups, and Users.
Adding Roles, Groups, and Users
Roles
Use the Roles tab to add the roles for your identity provider to the Authentication Source. Roles are the groups of users who serve a specific function. For example, you may have Administrator and General roles.
- On the Roles tab, click Add Role.
- Enter a Role Name (e.g., Administrator) and a Description.
- Optional: Create additional roles by repeating the steps until all of your roles are created.
- Select Save.
Groups
Use the Groups tab to add or edit the groups that your users are part of. Groups organize your users into workable categories that are assigned to specific roles. Once you have created roles on the Roles tab, you can assign groups to specific roles. For example, you might create a Developer group that has the Administrator role.
- On the Groups tab, click Add Group.
- In the Add a Group wizard, specify a group name (e.g., Developer) and optionally a description.
- Click Next.
- On the Select Roles page, select one or more roles to assign to the group and click Next.
- Review the group that you created on the Review Group page and click Finish.
- Optional: Create additional groups by repeating the steps until all of your groups are created.
Users
Use the Users tab to add or edit the users who will be accessing your APIs. Users are the actual people who are calling an API. Once you have created groups on the Groups tab, you can assign the users to specific groups. For instance, users Mary and Greg are added to the Developer group.
- On the Users tab, click Add User.
- In the Add a User wizard, specify a user name and password.
- Determine if the user is enabled to access APIs that use the Authentication Source. If they are, check the Enable box. Click Next.
- Review the user that you created on the Review User page and click Finish.
- Optional: Create additional users by repeating the above until all of your users are created.
- Click Save.
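To make the user, group and role chain configured above concrete, here is an added Python sketch (not code from the Gateway or its vendor) of how a Basic Authentication check can resolve a request to a role. The sample passwords, the Support group, the user ann, the helper names and the 401/403 status mapping are assumptions for illustration; the Gateway's own behaviour may differ.

```python
import base64, binascii, hashlib, hmac, os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password, group, enabled=True):
    salt = os.urandom(16)  # store a salted hash, never the password itself
    return {"salt": salt, "hash": _hash(password, salt), "group": group, "enabled": enabled}

# Constructed sample data using the page's example names (Support and ann are assumed).
GROUPS = {"Developer": {"Administrator"}, "Support": {"General"}}  # group -> roles
USERS = {
    "mary": make_user("constructed-pw-1", "Developer"),
    "greg": make_user("constructed-pw-2", "Developer", enabled=False),  # Enable box unchecked
    "ann": make_user("constructed-pw-3", "Support"),
}

def basic_header(user, password):
    """Build the Authorization header value a client sends (RFC 7617)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if malformed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # the password may itself contain ':'
    return (user, password) if sep else None

def authorize(header, required_role):
    """Assumed mapping: 401 bad credentials or disabled user, 403 wrong role, 200 allowed."""
    creds = parse_basic(header or "")
    if creds is None:
        return 401
    name, password = creds
    user = USERS.get(name)
    # Hash even for unknown names so response time does not reveal which users exist.
    salt = user["salt"] if user else b"\0" * 16
    ok = hmac.compare_digest(_hash(password, salt), user["hash"] if user else b"")
    if not ok or not user["enabled"]:
        return 401
    roles = GROUPS.get(user["group"], set())  # roles reach a user only through the group
    return 200 if required_role in roles else 403
```

Because the header is only Base64-encoded, not encrypted, APIs protected this way should be reachable over TLS only.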
Next steps
Add the newly created Authentication Source to an API deployment. Refer to Adding an authentication source to an API for more details.