In this tutorial by IBM, you will learn how to use OAuth 2.0 to secure an API to ensure that so that an application can access the API on a user's behalf using IBM’s API Connect Version 5.0.7.

About the tutorial

After creating the Branches API in the previous tutorial, you will learn to modify the security settings to allow a calling application to use the OAuth 2.0 to access the API on a user’s behalf without their password. This tutorial is divided in the following lessons: 

• Choosing your OAuth Scheme (and establishing whether your implementation will be confidential or public) 
• Creating an OAuth 2.0 provider API
• Configuring the API Security Scheme
• Acquiring an access token for your chosen scheme
• Using the access token

After completing the tutorial, you will be able to implement and test any of the following six OAuth schemes: 

• implicit flow
• application flow
• confidential password flow
• public password flow
• confidential access code flow, and 
• public access code flow

Requirements

In order to follow this tutorial, it is necessary to complete the previous tutorials in sequence.