HCL Marketing Platform | Security | API management | [Product] | (API configuration template)
Use the templates in this category to configure authentication for HCL® Marketing Software APIs. You can block access, require HTTPS, or require authentication for APIs.
API URI
- Description
-
For each product, the first part of the URI is resolved by the security framework, as follows:
http[s]://host:port/context root/api/product
Therefore, in this field you should enter only the resource name or names of the API you want to configure. You can obtain the string you need to enter from the product's API documentation.
The value used for this property must start with a / (forward slash); otherwise the configuration is ignored by the security framework.
This property supports an exact URL match as well a pattern match for the configured APIs.
- For an exact match, the URI may end with a forward slash ( / ) or the resource name.
- For a pattern match, the URI must end with an asterisk ( * ).
If you set the value of this property to /* the settings you use for the other properties in the category apply to all APIs for the product.
Note: For the Marketing Platform login API, this configuration property is read-only. - Default value
-
Undefined
Block API access
- Description
-
Select this option when you want to prevent an API from accessing a product. This option is not selected by default.
When an API is blocked, the security filter returns the HTTP status code 403 (forbidden).
Secure API access over HTTPS
- Description
-
Select this option when you want to allow the API to access a product only over HTTPS. This option is selected by default.
When an API with this property enabled is accessed over HTTP rather than HTTPS, the security filter returns the HTTP status code 403 (forbidden).
Require authentication for API access
- Description
-
Select this option when you want to require an API to authenticate before it can access a product. This option is selected by default.
When an API with this property enabled is accessed with invalid credentials, the security filter returns the HTTP status code 401 (unauthorized).
Note: For the Marketing Platform login API, this configuration property is disabled, as this API is the first to be called for API authentication.