REST gateway: Security configuration

To access a data grid through the REST gateway, the user must be authenticated to the WebSphere® DataPower® XC10 Appliance, regardless of whether the data grid has security enabled. The application client must always provide a basic authorization header with the authorized user ID and password in the HTTP headers of the HTTP request.

Authentication and authorization

To access a data grid map through the REST gateway, the user or user group must be authenticated and authorized to access the data grid that is specified in the URI. Even if you do not have security configured on the data grid, you must configure the user group that you are using to communicate through the REST gateway to have all access to the data grid. For more information about configuring access to the data grid, see Enabling security for data grids. The application client must provide a basic authorization header with the authorized user ID and password in the HTTP headers of the HTTP request:
    Authorization: Basic <base64 encoded string of "userid:password">
For more information about the basic authorization header format, see Wikipedia: Basic access authentication.

Secured data grids

You can use the REST gateway in a secured data grid configuration. To access the secured data grids, provide the user ID and password in an authorization header. The user must be authenticated and authorized to access the specified data grid in the URI.
Table 1. Secured data grids
Permission   Get   Post   Delete
READ         X
WRITE        X
CREATE       X     X
ALL          X     X      X

Transport security

Clients that are using the REST gateway can use the HTTPS protocol if transport security is required.