Authentication in API Management
API Management supports the following types of authentication:
- Authentication using JWT on the API Gateway.
- Basic Authentication using the API Gateway.
It is recommended that you use the OAuth 2.0 framework with OpenID to authenticate standard external users, leveraging JWT at the API gateway. This approach provides flexibility: it primarily requires a token that can be validated through the configured authentication source, which enables the adoption of alternative flows beyond the traditional authorization code flow.
For system-to-system communication, Mutual TLS with Client Certificate Authentication may be a preferable option. For quick prototyping or internal API use cases, Basic Authentication (username/password) via the Gateway can be utilized, allowing API execution authentication alongside Developer Portal sign-in.