[Part 2/3] Securing APIs using JSON Web Token (JWT) in IBM API-Connect v10 using X.509 RSA key pair

Hello Tech Enthusiasts,

Please refer to the previous article, Part 1, to understand how we generate and upload certificates in IBM API Connect.

This article continues the series and focuses on generating JWT tokens using the APIC v10 jwt-generate policy.


This content originally appeared on DEV Community and was authored by Aditya Singh


  • Log in to the APIC Manager console and go to the Develop tab. Create a new API using OpenAPI 2.0. You can use OpenAPI 3.0 as well, since the jwt-generate policy remains the same.
  • Give the Title as ‘JWT Generation and Validation’ and the base path as ‘/securetoken’. Select Next and create the API.
  • Delete the blank path and create the following path with ‘get’ operations. I’m using get here, but it may vary according to your requirement. For now, I’m keeping it simple.

API Manager Design Tab

  • Navigate to the Gateway tab and drag the operation-switch into the assembly section.
  • Construct two cases based on the operations, as follows:

assembly-operation-switch

  • For the generate part, drag jwt-generate into the assembly section and fill in the form as follows:
  1. Empty the JSON Web Token field, as we prefer the response to be sent in the Authorization header.
  2. Issuer Claim: request.headers.iss-claim
  3. Audience Claim: request.headers.aud-claim
  4. Reduce the validity period to 60 seconds to make it easy to test both successful and failure scenarios.
  5. Cryptographic Algorithm: RS256
  6. Sign Crypto Object: personal_sandbox_tlsp-jwt-keyprofileV1.0.0-key

apic-jwt-generate

  • Click Save and publish the API.

For simplicity, I’m only using X-IBM-Client-Id for client validation. Let’s generate a JWT token now.

Postman Generate JWT

When using Postman, consider automating the token process with JavaScript instead of copying and pasting the token manually.

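Select the request in Postman and go to the Scripts tab. Add the following JavaScript to the ‘post-response’ section:

// Read the token that jwt-generate returned in the Authorization response header.
let access_token = pm.response.headers.get("Authorization");
// Store it in a Postman global so later requests can reference it as {{jwt_token}}.
pm.globals.set("jwt_token", access_token);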
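Before moving on, it helps to confirm that the issued token actually carries what the jwt-generate form configured (RS256, the issuer and audience sent in the iss-claim and aud-claim headers, and a lifetime of at most 60 seconds). The following Node.js check is an added example, not code from the original article; the function names `inspectJwt` and `makeSampleHeader` and all sample claim values are assumptions made up for illustration.

```javascript
// Added example: sanity-check a token issued by the jwt-generate policy.
// Decode-only: the RS256 signature is NOT verified here (that is Part 3).
const b64urlJson = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

function inspectJwt(authorizationHeader, expected, nowSeconds = Math.floor(Date.now() / 1000)) {
  // Accept the header value with or without a "Bearer " prefix.
  const token = String(authorizationHeader || "").replace(/^Bearer\s+/i, "");
  const parts = token.split(".");
  if (parts.length !== 3 || parts.some((p) => p.length === 0)) {
    return ["not a compact JWS (expected header.payload.signature)"];
  }
  let header, claims;
  try {
    header = b64urlJson(parts[0]);
    claims = b64urlJson(parts[1]);
    if (!header || !claims) throw new Error("empty");
  } catch (e) {
    return ["header or payload is not base64url-encoded JSON"];
  }
  const problems = [];
  if (header.alg !== "RS256") problems.push(`alg is ${header.alg}, expected RS256`);
  if (claims.iss !== expected.iss) problems.push("iss differs from the iss-claim header sent");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expected.aud)) problems.push("aud differs from the aud-claim header sent");
  if (typeof claims.exp !== "number") {
    problems.push("exp claim is missing");
  } else {
    const remaining = claims.exp - nowSeconds;
    if (remaining <= 0) problems.push("token is already expired");
    if (remaining > expected.maxLifetime) problems.push(`expires in ${remaining}s, limit is ${expected.maxLifetime}s`);
  }
  return problems;
}

// Constructed sample: made-up claim values and a placeholder signature.
function makeSampleHeader(alg, claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `Bearer ${enc({ alg, typ: "JWT" })}.${enc(claims)}.c2lnbmF0dXJl`;
}

const now = 1700000000; // fixed clock so the run is repeatable
const expected = { iss: "example-issuer", aud: "example-audience", maxLifetime: 60 };
const good = makeSampleHeader("RS256", { iss: "example-issuer", aud: "example-audience", exp: now + 60 });
const longLived = makeSampleHeader("RS256", { iss: "example-issuer", aud: "example-audience", exp: now + 3600 });
console.log(inspectJwt(good, expected, now));      // no problems reported
console.log(inspectJwt(longLived, expected, now)); // lifetime exceeds the 60 s limit
```

An empty result only means the claims look as configured; trust in the token still depends on the signature validation covered in Part 3.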

Let’s now move on to Part 3, which covers validation of the token generated above.


APA

Aditya Singh | Sciencx (2024-09-25T07:30:48+00:00) [Part 2/3] Securing APIs using JSON Web Token (JWT) in IBM API-Connect v10 using X.509 RSA key pair. Retrieved from https://www.scien.cx/2024/09/25/part-2-3-securing-apis-using-json-web-token-jwt-in-ibm-api-connect-v10-using-x-509-rsa-key-pair/
