Securing a REST API by using HTTPS

Secure the communications between a REST API and an HTTP client by enabling HTTPS.

Before you begin

You must create a REST API in the IBM® Integration Toolkit, see Creating a REST API.

About this task

Secure the communications between a REST API and an HTTP client by enabling HTTPS. You can enable HTTPS just for encryption, or you can also configure a REST API for client authentication (mutual authentication). Because REST APIs always use the integration server HTTP listener for the integration server, you must configure the integration server HTTP listener.

Note: You cannot use the integration node HTTP listener with REST APIs.

Procedure

To enable HTTPS for a REST API, complete the following steps:

Configure the integration server HTTP listener to use SSL. Set up a public key infrastructure (PKI) at integration node level, see Setting up a public key infrastructure.
In the Application Development view, which is under the REST API project, open the REST API Description for the REST API for which you want to enable HTTPS.
Under Security Options, select Enable HTTPS in the REST API Description.
Package and deploy your REST API to an integration server, see Packaging and deploying a REST API.

Results

Your REST API is secured by using HTTPS.

What to do next

You can complete the following optional tasks:

Secure your REST API by authenticating users with HTTP Basic Authentication, see Securing a REST API by using HTTP Basic Authentication.
If your REST API is going to be used by client-side code that is running in a web browser, you might have to configure Cross-Origin Resource Sharing, see Permitting web browsers to access a REST API by using Cross-Origin Resource Sharing.