This tutorial shows different ways how to protect REST APIs using the Airlock Secure Access Hub. It is especially thought for protecting APIs used by mobile apps.
Further information about the REST API (especially Authentication API) can be found here: REST APIs provided by IAM.
- It covers the following cases:
- Using the Authentication REST API (Loginapp) with cookie-based session tracking. See Using gateway-generated cookies for session tracking.
- Using the Authentication REST API (Loginapp) with header-based session tracking. See Using header tokens for session tracking.
- Using JWT bearer tokens.
- Using the Device Token authentication step.
- Persistent REST Authentication using OAuth 2 PKCE ("Pixy").
The tutorial assumes the following scenario including usage of the "one-shot" authentication flow (see also HTTP request authentication (Airlock One-Shot flow)):
