which is good approach for Internal api with Product multi Authentication ?

maulikhdave
Participant II

I have API which are inside product.

I already have developer app who varify by API key.

But for my internal API I have user name password and token varification.

So what will be best approach.

I will have more consumer.

And I will have more key

So what is best approach to achieve this.

I m managing consumer authentication by API key for apigee.

I m looking for correct approach to achieve internal API authentication which use user password separate for each consumer

0 1 194
1 REPLY 1

sidd-harth
Participant V

Generally speaking, API Key is not used for security purpose. It is used to identify the dev app.

In your case maybe you can go ahead with Password Grant OAuth 2.0 to validate the user credentials and issuing OAuth tokens with expiry time.

For validating the credntials you need to make a Service callout to your IdP and based on the response you need to generate tokens. More info in below link,

https://docs.apigee.com/api-platform/security/oauth/implementing-password-grant-type