How to apply 2 Authentication into API Gateway for same API Endpoint?

nullmicgo · October 5, 2022, 2:53am

What product/components do you use and which version/fix level are you on?

webMethods API Gateway

Is your question related to the free trial, or to a production (customer) instance?

Production (customer) instance

What are you trying to achieve? Please describe it in detail.

I was trying to apply 2 Authentication in API Gateway for the same API.
In the below diagram, Use Case 1 - Customer will call the API and it is using JWT Validation in API Gateway.
In Use Case 2, it is a batch job process to API through webmethod API Gateway.

According to the document, it is supporting the ‘OR’ Condition.
But it seems it would throw an error for the mTLS-only case.
Please advise

Do you get any error messages? Please provide a full error message screenshot and log file.

Have you installed all the latest fixes for the products and systems you are using?

Prabaa · October 11, 2022, 6:23am

Hi Michael,
I have few questions on the use case. Are you trying to use JWT OR SSL cert as authentication? Also have you set up any applications?

Please share the error you are receiving when you are trying SSL only.

Regards.

nullmicgo · October 16, 2022, 2:03pm

Are you trying to use JWT OR SSL cert as authentication? <— I was trying to 2 Authentication.
1 is JWT and the other is SSL Cert.
Because JWT one is a request coming from a user.
SSL Cert is a Backend Schedule Job to call into the same API.

I didn’t have an error yet but want to understand if this setup is technically feasible or not.

Prabaa · October 17, 2022, 5:42am

Hi Michael,
This is possible if you use condition type OR in Identify & Authorize policy.

Regards.

nullmicgo · October 17, 2022, 8:18am

Thank you. will try

nullmicgo · October 31, 2022, 2:13am

HI @Prabaa

sorry, still have a questions on this

If I have to support 2 different JWT Validation on the same API, how to config it from the panel?
For example the same API for Customer and Staff Access. They will have two different AuthN.
In (2), it is only allowed to select 1 JWT.
and not allowed me to add one more “Identity and Authorize Application” (3).
Not sure if the correct way to make it support 2 JWT Validation is.
Thank you

system · April 30, 2023, 12:24pm

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Configuring Basic Authentication and LDAP in API Gateway webMethods , API-Management , API-Gateway	2	771	February 25, 2023
webMethods.io API - Identify & Authorize Application using SSL Certificate webMethods , API-Management , API-Gateway	2	2082	April 2, 2021
Scopes and authentication schemas webMethods , API-Management , API-Gateway	4	618	April 2, 2021
API Gateway- REST API with two way SSL Configuration webMethods , API-Management , API-Gateway	4	3509	April 2, 2021
Securing APIs using 3rd party OAuth 2 provider in API Gateway Knowledge base webMethods , API-Management , API-Gateway	2	5231	February 12, 2024