Layer7 API Management

  • 1.  Auth tokens vs. @authentication

    Posted Oct 24, 2017 10:28 AM

    Our web application is using the auth token (in the request header) directly while invoking LAC APIs. Is this the right way to use it, or should we add the users in the LAC and reveal the usernames and passwords to the end users, who would then call the @authentication API of the LAC to get the auth token and pass that token in the subsequent requests?

    Please give your thoughts on it so that we can proceed accordingly. Thanks in advance.



  • 2.  Re: Auth tokens vs. @authentication
    Best Answer

    Broadcom Employee
    Posted Oct 30, 2017 08:03 PM

    Either is a possibility; that's really up to you. But generally speaking, CA does not recommend using the built-in authentication mechanism, and most people use some other authentication, such as LDAP or an internal system. But perhaps you're OK in your case, if you don't expect to have a large number of users.

    If you decide to just use the built-in authentication provider, you will have to manually create and manage users, obviously, unless you create an app to do that.

    The biggest question here is: how many users do you expect to have? If it's a dozen, perhaps the built-in authentication provider is OK. If it's many thousands or more, you'll almost certainly want to use something else.