API Gateway Identify a user when they call an API

Hello

I have an API configured with OAuth to authorize access based on token provided and this works. However, I would also like to identify which user called the API. Is this possible? I have API Gateway version 10.3.

Regards,

Yunus Aswat.

Hi Yunus,
Can you please elaborate a bit more on the use case? Are you looking for passing the user details to API along with OAuth?

Regards.

Hello Prabaa,

Yes I do want the user details passed and authenticated in addition to OAuth (OR is there a way to relate the OAuth token back to the user who obtained it?). I want to log using the “Log Invocation” policy so that I can aggregate and report on who accessed the API.

Regards,

Yunus Aswat.

Hi Yunus,
You can use Basic Auth along with OAuth but you have to create a custom policy in Identify and Access to do this.

Hope it helps.

Regards.

Hello Praba,

Thank you for the information.

I now have the challenge of introspecting the MessageContext to pull out the OAuth token. There appears to be very little documentation available about MessageContext. Where can I find documentation about this? Also what jars do I need?

Regards,

Yunus Aswat.

Hi Yunus,
I believe you are trying to use the MessageContext variable. Please use the below documentation.

The API for Context Variables

Regards.