oauth-2.0oauthwso2wso2-api-managerendpointsecurity

Is Endpoint Security Authentication in WSO2 APIM Done per API or per request?


We have 3 types of endpoint security in Wso2 apim:

  1. Basic
  2. Digest
  3. Oauth2

I am using Oauth2. You can see UI of endpoint security configurations here:

enter image description here

My question is: if we have many users, how will endpoint authenticating be done? Per user? Or using cache for the API?


Solution

  • A cache is maintained here per API. You can check the code - https://github.com/wso2/carbon-apimgt/blob/master/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/mediators/oauth/OAuthTokenGenerator.java#L65