search cancel

strong rest api protection


Article ID: 237802


Updated On:


CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)


we are wondering whether it's possible to protect the strong rest api with autentication.

We read through the documentation that it's possible to protect the risk api with the following line in the


So the question is: is it possible to protect also the strong api with something like StrongAuth.AnAConfiguration=All ?


Release : 9.1

Component : RiskMinder(Arcot RiskFort)


Rest API is already protected by the AuthToken which is generated after validating the Admin credentials, more details here in this document link.

You can generate the token and then pass this token in the header  for the Rest API calls, there is no need of doing AnA as this is already protected. 

It is always recommended to pass the AuthToken so the API is protected and that Token is validated first and then actual API.

To enable AnA for Webfort Rest API, you need to enable it from the Master Admin Console -> Services and server configurations -> Administration Console -> Authentication and Authorization

You can enable the API authorization from this page. It is not available from file for Webfort aka Strong Auth API's.