Security policies are rules that define the authentication methods that API consumers must use when they access an operation. When you create a security policy, the default authentication method is basic. You can change the authentication method of the policy or add more authentication methods.
You can select one or more of the following authentication methods for a security policy:
•Anonymous. API consumers access the operation without having to enter a user name or password. You can't use anonymous authentication with any other authentication method.
•Basic. API consumers access the operation with an Informatica Intelligent Cloud Services user name and password.
•OAuth 2.0. You create an OAuth 2.0 client. API consumers use the client credentials to generate an OAuth 2.0 authorization token that they use to access the operation. API Center uses the client credentials grant type for OAuth 2.0 authentication.
•JSON web token (JWT). You generate a JSON web token that API consumers use to access the operation.
You define and assign security policies when you create APIs and operations. You can use an existing security policy or create a new security policy. When you deploy an API, you can override the policies that are assigned to it.
The API References area of an authentication policy displays all the designed APIs that use the policy.