API Manager Security Configuration

Report · Feb 12, 2018

I am looking for ways to better secure our APIs through API Manager. Originally, I was looking for a way to implement JWT, but I don't see anything in the API manager for that (If you know of something I am missing, please let me know). My question, though, involves the Admin screen "Security Configuration". I can't find any documentation on this screen, and there is an option for "encryption seed", but I don't know what that does or how to set it up (or if it will help my in securing my APIs).

If someone has information or documentation on any of these things, please let me know.

Report · Feb 12, 2018

I finally found docs on the encryption seed here, though it was rather difficult to find: https://helpx.adobe.com/coldfusion/api-manager/api-mgmt-server-admin.html

Still haven't found any information on JWT. It would also be nice if I could find an article on security best practices with the API manager.

Report · Feb 12, 2018

Hi,

Please check this article also. API Manager Security Part -1 | Adobe Developer Connection

I will check for JWT.

Thanks,

Priyank Shrivastava

Thanks,
Priyank Shrivastava

Report · Feb 12, 2018

Hi,

Can you please share your use case, how you want to implement it. (For OAuth2 instead of Bearer tokens want to use JWT ?)

Thanks,

Priyank

Thanks,
Priyank Shrivastava

Report · Feb 12, 2018

With JWT I have always used tokens instead of OAuth.

Report · Feb 12, 2018

Yes, I have seen this article, thanks, though it's more howto than best practice. I find it curious, though, that the article is titled "part 1" and was written a long time ago, and even states to refer to part 2 for more information - and yet there is no part 2.

Adobe Community

API Manager Security Configuration