I have created Proxy API for my webservice and enabled basic authentication.. but when I tested this proxy API, even when I am passing invalid credentials to Basic Authentication it is allowing to access my service.. Can you please help me on this.
Answer by Michael Malloy
·
Jan 07, 2015 at 09:45 PM
Hello Babu,
The preferred authentication scheme is OAuth1 or OAuth2, using tokens rather than user names and passwords. The documentation for this can be found here: http://apigee.com/docs/api-services/content/oauth-home. There are a number of advantages of using OAuth over password security. OAuth1 in particular, can be implemented quite easily and uses only the Verify Access Key policy to secure your API. I hope that you can possibly move to this strategy because it has many advantages.
types of authentication I can use from Ariba to Apigee Edge? 1 Answer
HMAC request validation 4 Answers
Oauth 2.0 - Resource Owner (user) specific tokens 3 Answers
Apigee Impersonation Capability 0 Answers