Designing API security

As part of the API design process, you need to specify which consumers can access your API (authentication) and what they are allowed to do (authorization).

Note: Talend Cloud API Designer allows you to define security parameters for design and documentation purposes, but security is not implemented automatically when using the API definition in Talend Studio.

You may want to define a single common security scheme for your entire API, or choose a finer-grained policy with a specific security scheme for a critical resource.

You may also want to specify that certain operations are freely accessible without authentication.

Talend Cloud API Designer can handle all these cases with the main security types:
  • Basic authentication
  • Bearer authentication
  • Digest authentication
  • OAuth 1.0
  • OAuth 2.0
  • OpenID Connect
  • Custom / API key
  • Pass through

Cookie authentication is not supported.

Creating a security scheme

Create a security scheme to be used globally in your API version or in individual elements.

Procedure

  1. Go to the general information page of your API.
  2. Scroll down to the SECURITY SCHEMES section, and click Add to create a new scheme.
  3. Select a Type in the drop-down list and enter a Name.
  4. Optional: Enter a Description.
  5. Enter other parameters specific to the selected type.

    Figure: security scheme definition example.
  6. Click Save.

Results

Your security scheme is now created. You can use it in your API's global settings or in specific resources and operations.

Defining your API security

Define security schemes for your API, resources, and operations.

Procedure

  1. Click the name of your API to go to the general information.
  2. Add your security schemes and select the ones that you want to apply globally to your API version.
    In this example, the Petstore API is secured by petstore_auth with the scope write:pets.
  3. Click Save.
  4. Select a resource and choose the security schemes you want to apply to all of your resource's operations.
    Alternatively, you can select an operation to define its specific security.
    In this example, the Find Pets by tags method is secured using petstore_auth.
  5. Click Save.
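
Because these settings are design-time only, the resulting definition is worth auditing before it is implemented. The following is an added example, not part of the Talend documentation: it assumes the API definition is available as an OpenAPI 3.0 document and resolves the effective security of each operation (global default, operation-level override, or no authentication). The paths, the read:pets scope, the api_key reference and the authorization URL are constructed sample values.

```python
# Added example: audit the effective security of each operation in an
# OpenAPI 3.0 document (constructed sample, embedded as a dict).
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

# Constructed sample modelled on the page's Petstore example.
SPEC = {
    "openapi": "3.0.3",
    "components": {"securitySchemes": {
        "petstore_auth": {"type": "oauth2", "flows": {"implicit": {
            "authorizationUrl": "https://auth.example.invalid/authorize",
            "scopes": {"write:pets": "modify pets", "read:pets": "read pets"}}}},
    }},
    "security": [{"petstore_auth": ["write:pets"]}],   # global default
    "paths": {
        "/pet": {"post": {"operationId": "addPet"}},   # inherits global
        "/pet/findByTags": {"get": {
            "operationId": "findPetsByTags",
            "security": [{"petstore_auth": ["read:pets"]}]}},  # override
        "/health": {"get": {"operationId": "health", "security": []}},  # open
        "/pet/{id}": {"get": {"operationId": "getPet",
                              "security": [{"api_key": []}]}},  # undefined scheme
    },
}

def audit(spec):
    """Return {operationId: (status, detail)} for every operation."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    default = spec.get("security", [])
    report = {}
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            # An operation-level list replaces the global one; [] removes it.
            reqs = op["security"] if "security" in op else default
            name = op.get("operationId", f"{method.upper()} {path}")
            unknown = sorted({s for r in reqs for s in r if s not in schemes})
            if unknown:
                report[name] = ("undefined-scheme", unknown)
            elif not reqs or any(r == {} for r in reqs):
                report[name] = ("open", [])   # no auth, or auth optional
            else:
                report[name] = ("secured", [
                    {s: sorted(sc) for s, sc in r.items()} for r in reqs])
    return report

if __name__ == "__main__":
    for op, (status, detail) in audit(SPEC).items():
        print(f"{op:16} {status:17} {detail}")
```

Operations reported as open should match the ones you deliberately made freely accessible; anything reported as undefined-scheme references a scheme that was never created.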
