Using API/OAuth Keys for Authentication

Article ID: 191937

Products

CA API Gateway

Issue/Introduction

We are trying to expose a REST service through the API Gateway so the client can consume it. We have a customer requirement that the Gateway should authenticate the request before passing the call to the backend. They have asked for API key-based authentication in CA API Gateway. How can we implement API key-based authentication in CA API Gateway?

Environment

API Gateway

Resolution

To create clients (users) with an API key, you can do the following: 

  1. Go to https://<yourgatewayURL>:8443/oauth/manager
  2. Click on Clients
  3. Click REGISTER A NEW CLIENT
  4. Fill out the Name (Organization and Description are optional)
    • NOTE: A client key and client secret are already populated
  5. Click REGISTER

As an admin, you can view the client's (user's) key and secret key.

Use the attached sample policy to validate the API key. This policy works based on the following assumptions:

  • You will be using API key authorization via your client (e.g. Postman)
  • The key name specified will be api_key (this can be changed within the policy if you want to call it something else)
  • The API key specified is in the OTK DB

If the API key can be authenticated, the response shows the user's name and the status message OK. Otherwise, it will throw an error. You can customize the error response as you see fit.
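
A post-deployment check for the behaviour described above, as an added example that is not part of the original article or the attached policy. It assumes the key travels in a request header named api_key (Postman can also send it as a query parameter) and that the policy's error response uses a non-2xx status; `check_policy`, `http_send` and `fake_gateway` are hypothetical names, and the stand-in gateway and key are constructed so the script runs offline.

```python
import urllib.error
import urllib.request

KEY_NAME = "api_key"  # key name from the article; change if the policy was edited


def http_send(url):
    """Return a sender that issues GET requests to `url` (placeholder endpoint)."""
    def send(headers):
        req = urllib.request.Request(url, headers=headers)
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.status, resp.read().decode(errors="replace")
        except urllib.error.HTTPError as err:
            return err.code, err.read().decode(errors="replace")
    return send


def check_policy(send, valid_key):
    """Probe the service; return a list of findings (empty means it fails closed)."""
    probes = [
        ("valid key", {KEY_NAME: valid_key}, True),
        ("no key", {}, False),
        ("empty key", {KEY_NAME: ""}, False),
        ("unknown key", {KEY_NAME: "not-a-registered-key"}, False),
        ("valid key, wrong header name", {"x-" + KEY_NAME: valid_key}, False),
    ]
    findings = []
    for label, headers, should_pass in probes:
        status, _body = send(headers)
        accepted = 200 <= status < 300  # assumption: errors are non-2xx
        if accepted != should_pass:
            findings.append(f"{label}: HTTP {status}, expected "
                            f"{'success' if should_pass else 'rejection'}")
    return findings


# Constructed stand-in for the gateway so the example runs offline.
def fake_gateway(known_keys):
    def send(headers):
        name = known_keys.get(headers.get(KEY_NAME, ""))
        return (200, f"{name} OK") if name else (401, "error")
    return send


if __name__ == "__main__":
    sender = fake_gateway({"constructed-key-123": "demo-client"})
    # Real use: sender = http_send("https://<yourgatewayURL>:8443/<service-path>")
    print(check_policy(sender, "constructed-key-123") or "policy fails closed")
```

If the error response is customized to return a 2xx status with an error body, adjust the `accepted` test to inspect the body instead.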

Attachments

1591026712034__authApiKeys.xml