types of authentication I can use from Ariba to Apigee Edge?

Not applicable

Hi Team,

We have a requirement where SAP Ariba would make a call to Apigee API proxy.

Understood from Ariba Team that Ariba doesn't support Oauth authentication.

Do we have any alternative to Oauth authentication to establish connectivity from Ariba -> API proxy

1 1 730
1 REPLY 1

What DOES Ariba support?

You can configure your Apigee Edge API Proxy to do one or more of the following:

  • API Key verification - basically the client needs to send in a secret API key with every request. You could send it as a header, or a query param, or even a URL path segment.
  • HttpSignature verification - the client needs to sign its request with its Consumer Secret and Apigee Edge verifies the signature using the API Key + Secret
  • OAuth v1.0a signatures.
  • OAuth v2.0 tokens - via standard OAuth v2.0 grant types, including client_credentials or the RFC7523 JWT grant type. After obtaining the token, the client (Ariba) would send the OAuth token in every request in the Authorization header.
  • Client-generated JWT. Apigee Edge would need to be configured to trust the client's public key.
  • JWT generated by some external Identity provider. Apigee Edge would need to be configured to trust the signing party, or the CA chain of the cert of the signing party.
  • SAML Assertion. Same deal with the cert and CA chain.

And finally, any of those could be coupled with a 2-way TLS connection, in which the Ariba system would present a client-side certificate to Apigee Edge, and Apigee would verify that cert and trust the identity asserted within it.

I might be missing one or two niche cases. Bottom line: Apigee is pretty flexible in how you can configure the security on the inbound API requests.