REST API authentication methods and client permissions
Working with the Identity Cloud REST APIs requires you to understand at least two important concepts:
-
The authentication method supported by the API endpoint. Identity Cloud REST APIs support a number of different authentication methods (Basic authentication, token-based authentication, etc.), but no single endpoint supports all these methods.
-
Whether the endpoint supports the use of API client allow lists. Allow lists enable you to specify which IP addresses can be used to call an endpoint. Some Identity Cloud APIs support API client allow lists and some don't.
See the table below (and follow the links) to learn more about what you can and can't do with different Identity Cloud APIs.
API collection | Allowed authentication methods | Respects the client allow list |
|---|---|---|
Authentication APIs | * Basic authentication | Sometimes](doc:api-client-allow-lists-1) |
Configuration APIs | * Basic authentication | |
Custom Provider APIs |
| No |
Entity and Entity Type APIs | * Basic authentication | |
Hosted Login, OAuth, and OpenID Connect APIs | * Token-based authentication | No |
Legacy Client and Settings APIs | * Basic authentication | |
SIEM Event Delivery Service APIs | * Basic authentication | No |
Social Login APIs | * API key | No |
Webhooks v3 APIs | * Token-based authentication | No |
See also
Updated 15 days ago