The Harmony API Manager provides multiple settings to apply the desired level of security for each API (URL). Each setting is independent. Using a combination of independent settings allows the user to create specific levels of security for specific use cases.
To avoid conflicts between different types of authentication methods, do not assign a mix of different authentication types for a specific API or Proxy. These combinations are not allowed:
Cannot assign 1 Basic and 1 OAuth profile to a single API
Cannot assign 1 Basic and 1 Anonymous profile to a single API
Cannot assign 1 OAuth and 1 Anonymous profile to a single API
Cannot assign more than 1 OAuth profile per API
Cannot assign more than 1 Anonymous profile per API
Cannot assign the same profile more than once (no duplicates)
A profile can be assigned to a single API or to multiple APIs that are set up within the same environment.
Assume the classic configuration of one Development environment and one Production environment with 2 APIs.
An API security profile governs and secures the consumption of APIs. The security profiles allow for publishing an API or group of APIs to be consumed by a specific API consumer or a group of consumers. You can create and assign security profiles based on the organization's specific security and governance requirements. These are the available method types:
By default, a profile can access all assigned APIs up to the organization allowance for hits across all APIs within a minute. The organization allowance is stated in the Jitterbit license agreement. If the organization allowance is 10 hits per minute, only 10 hits within a minute will be allowed across all APIs.
Rate limiting at the profile level is enabled by checking the box in the Rate Limits section of the profile and selecting a number of hits in the Hits Per Minute field. This limit is per profile, not per organization, environment, or API.