The Harmony API Manager provides multiple settings to apply the desired level of security for each API (URL). Each setting is independent. Using a combination of independent settings allows the user to create specific levels of security for specific use cases.
By default, every API is anonymous and publicly accessible from the moment it is created, unless an appropriately configured security profile is assigned.
To avoid conflicts between different types of authentication methods, do not assign a mix of different authentication types for a specific API or Proxy. These combinations are not allowed:
Cannot assign 1 Basic and 1 OAuth profile to a single API
Cannot assign 1 Basic and 1 Anonymous profile to a single API
Cannot assign 1 OAuth and 1 Anonymous profile to a single API
Cannot assign more than 1 OAuth profile per API
Cannot assign more than 1 Anonymous profile per API
Cannot assign the same profile more than once (no duplicates)
A profile can be assigned to a single API or to multiple APIs that are set up within the same environment.
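The assignment rules above, together with the default that an API without a profile stays anonymous and public, can be checked against a planned configuration before it is applied. The following Python check is an added example, not Jitterbit code or a Harmony API: the inventory format and the API and profile names are constructed, and several Basic profiles on one API are not flagged because the page does not list that as a disallowed combination.

```python
from collections import Counter

# Types the page limits to a single profile per API.
SINGLE_INSTANCE_TYPES = {"oauth", "anonymous"}

def audit_api(profiles):
    """Return findings for one API.

    profiles: list of (profile_name, auth_type) tuples assigned to the API.
    """
    if not profiles:
        # No profile assigned: the API keeps its default exposure.
        return ["no security profile: API is anonymous and publicly accessible"]

    findings = []
    # Rule: the same profile cannot be assigned more than once.
    name_counts = Counter(name for name, _ in profiles)
    for name, count in sorted(name_counts.items()):
        if count > 1:
            findings.append(f"duplicate profile: {name}")

    # Count types over distinct profiles so a duplicate is reported only once.
    distinct = {name: auth_type.lower() for name, auth_type in profiles}
    type_counts = Counter(distinct.values())

    # Rule: no mix of authentication types on a single API.
    if len(type_counts) > 1:
        findings.append("mixed authentication types: " + ", ".join(sorted(type_counts)))
    # Rule: at most one OAuth and at most one Anonymous profile per API.
    for auth_type in sorted(SINGLE_INSTANCE_TYPES):
        if type_counts[auth_type] > 1:
            findings.append(f"more than one {auth_type} profile")
    return findings

def audit_inventory(inventory):
    """Map each API name to its findings, omitting APIs with none."""
    return {api: f for api, prof in inventory.items() if (f := audit_api(prof))}

# Constructed sample inventory (hypothetical API and profile names).
SAMPLE = {
    "orders-v1": [("partner-basic", "basic"), ("ops-basic", "basic")],
    "billing-v1": [("partner-basic", "basic"), ("sso-oauth", "oauth")],
    "catalog-v1": [("sso-oauth", "oauth"), ("sso-oauth", "oauth")],
    "reports-v1": [("oauth-a", "oauth"), ("oauth-b", "oauth")],
    "status-v1": [],
}

if __name__ == "__main__":
    for api, findings in audit_inventory(SAMPLE).items():
        for finding in findings:
            print(f"{api}: {finding}")
```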
Assume the classic configuration of one Development environment and one Production environment with 2 APIs.
An API security profile governs and secures the consumption of APIs. The security profiles allow for publishing an API or group of APIs to be consumed by a specific API consumer or a group of consumers. You can create and assign security profiles based on the organization's specific security and governance requirements. These are the available method types:
By default, a profile can access all of its assigned APIs up to the organization allowance, which limits the number of hits within a minute across all APIs. The organization allowance is stated in the Jitterbit license agreement. For example, if the organization allowance is 10 hits per minute, only 10 hits within a minute will be allowed across all APIs.