AnsweredAssumed Answered

OAuth and Gateway scenario

Question asked by CVarshney on Mar 8, 2019
Latest reply on Mar 8, 2019 by Stephen_Hughes

I am new to CA API Gateway and OTK tool kit. I have gateway 9.2 and OTK 4.1 installed. Our developers have developed a REST API that returns confidential data using API tool. As an administrator to CA Gateway, I need to publish it on gateway and secure it. Our ISO's direction is to use MFA to secure it. I am planning to use OAuth 2.0 to secure it along with HTTP Basic credentials from identity provider.

1. Does it make 2 factor?

2. Does somebody have a sample or template on how should I publish this on Gateway using OAuth. 

3. This API will be consumed by external partners so I will have to open it on internet. but I would like to secure it so it is not compromised. Is there any template anybody has for this kind of scenario?

4. Should I use Client Credential grant flow for this scenario as this will be a machine-to-machine communication but from out side firewall?

5. I do not want external partner to hit our OAuth server again and again for the same request. how can I achieve that?

Outcomes