Using API security

The REST client includes several API authentication methods that can be easily configured for your API calls. The supported authentication methods are Basic, Bearer, ApiKey, and OAuth 2.0.

How to configure Basic authentication

Config config = Config.builder()
  .auth(HttpBasicAuth.builder()
    .username("user")
    .password("password")
    .build())
  .build();

How to configure Bearer authentication

Config config = Config.builder()
  .auth(HttpBearerAuth.builder()
    .bearerToken("tokenValue")
    .scheme("Bearer")
    .build())
  .build();

How to configure ApiKey authentication

API keys are supplied by the client users and applications that call REST APIs, so that the API provider can track and control how the APIs are used, for example to meter access and to prevent abuse or malicious attacks. An API key includes a key ID that identifies the client responsible for each API request. This key ID is not a secret and must be included in every request. API keys can also include a confidential secret key, used for authentication, that only the client and the API service know.

Config config = Config.builder()
  .auth(ApiKeyAuth.builder()
    .apiKey("key")
    .location(ApiKeyAuth.Location.header)
    .paramName("ApiKey")
    .build())
  .build();

How to configure OAuth 2.0 authentication

Configuring the OAuth 2.0 client credentials flow

The OAuth 2.0 client credentials grant permits a web service (a confidential client) to authenticate with its own credentials, instead of impersonating a user, when it calls another web service. In this scenario the client is typically a middle-tier web service, a daemon service, or a web site. The client credentials flow is the simplest OAuth 2.0 grant: a server-to-server exchange of your application's clientId and clientSecret for an application access token.

Config config = Config.builder()
  .auth(OAuth.builder()
    .tokenUrl("tokenUrl")
    .redirectUrl("redirectUrl")
    .scopes("scope1 scope2")
    .flow(OAuth.OAuthFlow.application)
    .tokenStore(new OAuthTokenStore.Default())
    .credentials(OAuthCredentials.builder()
      .clientId("clientId")
      .clientSecret("clientSecret")
      .build())
    .build())
  .build();

Configuring the OAuth 2.0 password grant

The password grant type exchanges a user's credentials directly for an access token. It involves only one step: the application presents a traditional username and password login form to collect the user's credentials, then makes a POST request to the token endpoint to exchange those credentials for an access token.

Config config = Config.builder()
  .auth(OAuth.builder()
    .tokenUrl("tokenUrl")
    .redirectUrl("redirectUrl")
    .scopes("openid")
    .flow(OAuth.OAuthFlow.password)
    .tokenStore(new OAuthTokenStore.Default())
    .credentials(OAuthCredentials.builder()
      .clientId("clientId")
      .username("username")
      .password("password")
      .build())
    .build())
  .build();

How to configure Mutual TLS

With mutual authentication, a connection is established only when the client trusts the server's digital certificate and the server trusts the client's certificate. The certificates are exchanged by means of the Transport Layer Security (TLS) protocol. The REST client supports this two-way authentication, which is configured through the config object.

Config config = Config.builder()
  .basePath(basePath)
  .ssl(SSLSetup.builder()
    .socketFactory()
    .hostnameVerifier()
    .build())
  .build();
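The snippet above leaves the socket factory and hostname verifier arguments open. The following is an added example (not part of this page or the REST client's own code) showing how to build them with standard JSSE: a client certificate loaded from a PKCS12 key store and a trust store that pins the accepted server CAs. It assumes that socketFactory() accepts a javax.net.ssl.SSLSocketFactory and hostnameVerifier() accepts a javax.net.ssl.HostnameVerifier; the file names, environment variable names and base path are placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public final class MutualTlsSetup {

    // Loads a PKCS12 store from disk; used for both the client identity and the trust anchors.
    static KeyStore loadPkcs12(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    // Builds an SSLSocketFactory that presents the client certificate from the key store
    // and trusts only the CA certificates in the trust store (not the JDK's default cacerts).
    public static SSLSocketFactory clientSocketFactory(String keyStorePath, char[] keyStorePassword,
                                                       String trustStorePath, char[] trustStorePassword)
            throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadPkcs12(keyStorePath, keyStorePassword), keyStorePassword);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadPkcs12(trustStorePath, trustStorePassword));

        SSLContext ctx = SSLContext.getInstance("TLSv1.3");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    // Keep the JDK's default verifier: it checks the server name against the certificate,
    // which a permissive "accept all" verifier would silently skip.
    public static HostnameVerifier strictHostnameVerifier() {
        return HttpsURLConnection.getDefaultHostnameVerifier();
    }

    public static void main(String[] args) throws Exception {
        // Placeholder file names and environment variables; passwords are never hard-coded.
        SSLSocketFactory factory = clientSocketFactory(
            "client.p12", System.getenv("CLIENT_P12_PASSWORD").toCharArray(),
            "truststore.p12", System.getenv("TRUST_P12_PASSWORD").toCharArray());
        Config config = Config.builder()
            .basePath("https://api.example.com") // placeholder base path
            .ssl(SSLSetup.builder()
                .socketFactory(factory)
                .hostnameVerifier(strictHostnameVerifier())
                .build())
            .build();
    }
}
```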